Updated Lonely hearts on the dating website Guardian Soulmates have been targeted with sexually explicit spam emails after trolls abused leaked contact information.
Guardian News & Media, which runs the site, blamed a third-party tech supplier for the issue, which has since been resolved, the BBC reports. Only email addresses and user IDs were directly exposed, a spokesman for the site told the BBC. This login info offered a possible mechanism for miscreants to harvest further information from users’ profiles.
The issue came to light after users received offensive messages to email addresses they only used with the service.
Jes Breslaw, director of strategy at Delphix, commented: “Given that the spam came as a result of a third party, it’s likely the original breach came from a test system – which demonstrates the importance of adopting multi-layered security measures when working with third party consultants, contractors or outsourcers.”
Marco Cova, senior security researcher at Lastline, added that although the leaked information wasn’t particularly sensitive it might still be used as fodder for follow-up phishing attacks.
El Reg asked Guardian Soulmates for a comment but we’re yet to hear back. ®
Updated to add
Guardian News & Media apologised, and blamed the problem on “human error by one of our third party technology providers.” In a statement, the publisher said:
We can confirm we have received 27 enquiries from our members which show evidence of their email addresses used for their Soulmates account having been exposed.
We take matters of data security extremely seriously and have conducted thorough audits of all our internal systems and are confident that no outside party breached any of these systems. Our ongoing investigations point to a human error by one of our third party technology providers, which led to an exposure of an extract of data. This extract contained only members’ email addresses and user ID which can be used to find members’ publicly available online profiles.
We have taken appropriate measures to ensure this does not happen again, and we continue to review our processes and third party suppliers.
Nonetheless, we apologise to our members who were affected. If any of our members are concerned we encourage them to contact us on [email protected]