Dating website BeautifulPeople.com has allegedly been hacked, and the names, addresses, phone numbers and even private messages of 1.1 million members have been leaked online. Here to comment on this news are security experts from GBC and Kaspesky Lab. John Lord, Managing Director at GBG says that organisations need to take action to minimise the effects of identity theft of users. David Emm, Principal Security Researcher at Kaspersky recommended that there is need to have an effective cyber security strategy in place to combat the threats.
John Lord, Managing Director at GBG:
“Whilst BeautifulPeople.com has told users financial details were not leaked, this data breach should still be cause for concern. Card details can be replaced but your personal information, such as your name, your job and address cannot be so easily replaced and can be used by criminals, who purchased the details on the dark web, for identity theft.
In the first instance, identity thieves will use the real identity of an individual and thereafter, create synthetic identities compiled from elements of the data stolen from a user. Taking a ‘sledgehammer’ approach to blocking the original identity to avoid the identity theft is often a waste of time as fraudulent activity usually only happens for less than a month after the crime has occurred. As this hack allegedly occurred in December, organisations need to take action and use more data, analytical insights and triangulation of multiple identity proofing techniques to minimise the potential effects of identity theft for both the user and the businesses serving them.”
David Emm, Principal Security Researcher at Kaspersky Lab:
“Following last year’s attack on Ashley Madison, there is news of another dating site being hacked. However, the impact such exposure can have is not only detrimental to the security of an individual’s personal details, but can also have serious financial implications. Customers that are entrusting private information into the care of a website should be safe in the knowledge it is kept in a secure manner and all companies who handle private data have a duty to ensure it.
Whilst security solutions significantly mitigate the risk of a successful attack, there are also other measures businesses can take in order to provide thorough protection. These measures include running fully updated software, performing regular security audits on the website code and penetration testing the infrastructure. It’s crucial that businesses ensure all passwords are protected with proprietary hashing and salting technology. The best way for organisations to combat these types of cyber-attacks is at the beginning; by having an effective cybersecurity strategy in place before the company becomes a target.”