Data Security Breach at Cupid Media Exposes 42 Million Unencrypted Passwords

Don Miller

On November 13th, security journalist, Brian Krebs, reported that cybercriminals had accessed personally identifiable information (PII) of up to 42 million customers of Australian online-dating company, Cupid Media.  Every data breach incident is potentially significant, for both the targeted organization and its customers/vendors/partners.  But what makes this data breach incident noteworthy is that all the stolen passwords were stored in unencrypted plain text.

The Importance of Using Strong Passwords

Various attack methods can be slowed down or defeated by the use of strong passwords.  After the breach, Cupid Media customers were advised to create new passwords that needed to be 10 or more characters in length and contain numbers and punctuation marks as well as upper- and lowercase letters.

Krebs identified examples of weak passwords:  “Of the leaked Cupid Media passwords, almost two million customers had picked “123456”, and over 1.2 million chose “111111”.”iloveyou” and “lovely” both beat out “password”, and while 40,000 chose “qwerty”, 20,000 chose the bottom row of the keyboard instead – yielding the password “zxcvbnm.

If you would like more information on how to make your passwords stronger, read a post form bTrade’s VP of Engineering, Clifton Gonsalves, called Are Your Passwords Secure?

Why Encryption is So Important for Data Security

Krebs also noted that “as the passwords in the Cupid Media leak were unencrypted, even customers who used strong passwords were still at a high risk of identity theft and account hijacking.”  Organizations like Cupid Media should use encryption to safeguard their data.  Even if someone hacks into your network, the encrypted data would be of no value to the intruder because it is unreadable without access to the encryption key.

Organizations should also take steps to protect their encryption keys.  You make it easier for cybercriminals to gain access to confidential data when encryption keys are stored on the same servers as your protected data.  Best practices today involve keeping keys separate from the data.

bTrade Can Help

It takes but one misstep to open the doors to a data breach.   Protect your organization by deploying a data encryption solution that can securely and effectively transmit, store and manage confidential data.  Please email us at to learn how bTrade solutions can help keep your data secure.