01. Online dating sites breach privacy
Australian online dating company Cupid Media breached the Privacy Act by allowing the online dating profiles of 254,000 Australians to be hacked in 2013, the Australian privacy commissioner has found.
Cupid Media (not connected to the American dating site OK Cupid) is based on the Gold Coast and runs 35 niche dating sites around the world, such as AussieCupid.com.au.
An investigation by the Privacy Commissioner found that Cupid Media failed to take reasonable steps to protect users’ personal information, which resulted in their full name, date of birth, email addresses and passwords being stolen by hackers in January 2013.
The investigation found that at the time of the incident, Cupid Media didn’t have the basic security strategy of password encryption in place.
Failure to take reasonable security steps
“Cupid insecurely stored passwords in plain text, and I found that to be a failure to take reasonable security steps as required under the Privacy Act,” said Privacy Commissioner Timothy Pilgrim.
Cupid Media also didn't securely destroy, or permanently de-identify, personal information that was no longer required, a further breach of the Act as it needlessly places individuals at risk.
Following the hack, Cupid Media notified affected individuals and made sure their passwords were reset.
However, no penalties were imposed on Cupid Media as a result of the investigation as the commissioner did not have such powers under the privacy laws in place while the investigation was underway. New privacy laws have since been implemented which will allow the commissioner to impose civil penalties for serious breaches.
Mr Pilgrim said “hacks are a continuing threat these days” and reminded consumers using online dating sites to regularly update their privacy settings, change their passwords and be careful about which personal information they share.