Dating website BeautifulPeople.com has allegedly been hacked, and the names, addresses, phone numbers and even private messages of 1.1 million members have been leaked online. Here to comment on this news are security experts from GBC and Kaspesky Lab. John Lord, Managing Director at GBG says that organisations need to take action to minimise the effects of identity theft of users. David Emm, Principal Security Researcher at Kaspersky recommended that there is need to have an effective cyber security strategy in place to combat the threats.
John Lord, Managing Director at GBG:
“Whilst BeautifulPeople.com has told users financial details were not leaked, this data breach should still be cause for concern. Card details can be replaced but your personal information, such as your name, your job and address cannot be so easily replaced and can be used by criminals, who purchased the details on the dark web, for identity theft.
In the first instance, identity thieves will use the real identity of an individual and thereafter, create synthetic identities compiled from elements of the data stolen from a user. Taking a ‘sledgehammer’ approach to blocking the original identity to avoid the identity theft is often a waste of time as fraudulent activity usually only happens for less than a month after the crime has occurred. As this hack allegedly occurred in December, organisations need to take action and use more data, analytical insights and triangulation of multiple identity proofing techniques to minimise the potential effects of identity theft for both the user and the businesses serving them.”
David Emm, Principal Security Researcher at Kaspersky Lab:
“Following last year’s attack on Ashley Madison, there is news of another dating site being hacked. However, the impact such exposure can have is not only detrimental to the security of an individual’s personal details, but can also have serious financial implications. Customers that are entrusting private information into the care of a website should be safe in the knowledge it is kept in a secure manner and all companies who handle private data have a duty to ensure it.
In the case of the ‘Beautifulpeople.com’ hack the leaked data contains information such as real names, addresses, sexual preferences and private messages between customers. Now it’s public, cyber-criminals have the opportunity to use this information to steal personal identities or more. Unfortunately, once a breach of this nature has been made, there is not much that can be done. In this case, customers can change usernames and passwords just to be on the safe side, but ultimately, the damage related to customers’ privacy being compromised is not something that can be easily fixed. Consumers should always read any terms of use and privacy policies very carefully before sharing confidential data with websites.
Whilst security solutions significantly mitigate the risk of a successful attack, there are also other measures businesses can take in order to provide thorough protection. These measures include running fully updated software, performing regular security audits on the website code and penetration testing the infrastructure. It’s crucial that businesses ensure all passwords are protected with proprietary hashing and salting technology. The best way for organisations to combat these types of cyber-attacks is at the beginning; by having an effective cybersecurity strategy in place before the company becomes a target.”
The opinions expressed in this post belong to the individual contributors and do not necessarily reflect the views of Information Security Buzz.