There are so many ways for love to go wrong offline, but online it can be a lot worse when your security and identity is at risk. Like we forewarned before Valentine’s, it’s important to protect yourself while doing anything online as you may suffer from more than heartache.
On Valentine’s Day, many users of the popular dating site, Coffee Meets Bagel, woke to an email warning about a data breach, instead of love notes. Coffee Meets Bagel released a statement to users stating that over 6 million accounts were compromised. Fortunately, no financial information or passwords were stolen. If you’re cynical you might think they had an ulterior motive to release on this date.
How Did This Happen?
The Coffee Meets Bagel breach was part of a larger data breach currently boasted about on the Dark Web. The hacker is advertising access to roughly 617 million accounts from 16 hacked websites. They are offering to sell this data to interested third parties, like spammers or credential stuffers.
These are the websites affected:
- Dubsmash (162 million)
- MyFitnessPal (151 million)
- MyHeritage (92 million)
- ShareThis (41 million)
- HauteLook (28 million)
- Animoto (25 million)
- EyeEm (22 million)
- 8fit (20 million)
- Whitepages (18 million)
- Fotolog (16 million)
- 500px (15 million)
- Armor Games (11 million)
- BookMate (8 million)
- CoffeeMeetsBagel (6 million)
- Artsy (1 million)
- DataCamp (700,000).
The Coffee Meets Bagel account information spans from 2017 to May 2018 and is mostly names, email addresses, gender, and registration information.
There has been no indication that the site will reset account passwords.
All users have been warned to beware of phishing emails and to not click on suspicious links. This is true if you use any of the above websites.
FixMeTip: Update those passwords
We’d encourage you to be proactive: clear out your inbox and change your passwords just in case (when’s the last time you did anyway?).
More Than One Dating App Under Fire
Before Valentine’s Day TechCrunch reported on some account takeovers. Account takeovers are when hackers log onto a different person’s OkCupid account and take charge. OkCupid has not acknowledged this security flaw.
A few people contacted TechCrunch to say OkCupid doesn’t send security emails when a user, or someone else, changes their password. Plus OkCupid’s disabled accounts can be re-enabled easily, allowing hacks to take charge of long-forgotten accounts. To ensure this doesn’t happen to you, enable two-factor authentication on all your accounts.
Like us on Facebook for up-to-date security news.