The hack took place in January, and the company did not admit to it until forced to by security researcher Brian Krebs.
Krebs discovered the files on the same server where user information stolen from Adobe last month was being stored. Adobe used some low-end encryption on their data, but Cupid Media almost shockingly stored everything in plain text.
Cupid Media's managing director Andrew Bolton says that in January when the hack occurred, "we took what we believed to be appropriate actions to notify affected customers and reset passwords for a particular group of user accounts. We are currently in the process of double-checking that all affected accounts have had their passwords reset and have received an email notification."
Only active users have been notified, which Bolton says "is considerably less than the 42 million that you have previously quoted". Since the breach, the company has begun salting and hashing, an industry standard that is also easily broken but at least offers some protection.
Written by: Andre Yoskowitz @ 20 Nov 2013 13:25
