Users of Guardian Soulmates have been targeted with sexually explicit spam emails after their contact information was accidentally exposed on the dating site.
Information from users’ profiles was included in the spam messages. The Guardian newspaper’s publisher, which runs the service, said “human error” was at fault.
Guardian News & Media blamed a third-party technology provider for the problem, which has now been fixed.The BBC was contacted by one user who said they had started receiving sexually explicit spam emails sent to an account they only used with the dating service.
Their Guardian Soulmates username appeared in the messages.The person, who requested that they remain anonymous, said they first contacted Soulmates six months ago because they were concerned about what other data may have been taken.
“I basically had been receiving spam […] directly referencing information that could only have come from the Soulmates database,” said another affected user, who also wished to remain anonymous.
“It’s all information that I was happy to put online at one point anyway, but when it’s used outside of context like that it does feel a lot more creepy.”
While the user – who works in IT – said they understood that incidents like this can occur, they were also surprised to be affected as they had not used the site for several years and were no longer paying a membership fee.
Guardian Soulmates response
A spokeswoman for the site – which costs users up to £32 per month – added that while only email addresses and user IDs had been exposed directly, such information could be used “to find members’ publicly available online profiles”.
Details on public profiles, such as a photo, relationship preferences and physical description, could then potentially be accessed.
“Our ongoing investigations point to a human error by one of our third-party technology providers, which led to an exposure of an extract of data,” she said. Guardian News & Media had apologised to affected users and would “continue to review” its processes and third-party suppliers, she told the BBC.
The Information Commissioner’s Office (ICO) has said it is “aware of a potential incident involving Guardian Soulmates and will be looking into the details”.
A Cyber Security Experts View
Data made available by the exposure could have been used in a variety of ways by scammers, said Prof Alan Woodward, a cyber-security expert at the University of Surrey.
He pointed out that Guardian Soulmates was the latest in a long line of incidents where users’ personal data has been made public either accidentally or following cyber-attacks.
“When we start using an online service of any nature, we put our trust in people to protect our information.”
Users who are concerned that data from their account might have been accessed should contact firstname.lastname@example.org.
Top tips for keeping safe:
- Privacy Settings– Change the default privacy settings on any social media or dating sites to limit personal information on show to the public.
- Links and Attachments– Do not open emails you suspect to be spam or open any links or attachments from such emails or unknown sources.
- Spam Filters– Most spam and junk filters can be set to allow email to be received from trusted sources, and blocked from untrusted sources. You can also obtain Anti Phishing software.
For more information about our work, please visit www.safeinwarwickshire.com/cybercrime
Cyber Aware is a cross-government campaign, funded by the National Cyber Security Programme. They aim to measurably and significantly improve the online safety behaviour and confidence of consumers and small businesses (SMEs).
Get Safe Online is the UK’s leading source of factual and easy-to-understand information on online safety. Their website offers advice on how you can protect yourself, your computers and devices, and your business against the likes of fraud, identity theft, viruses and other potential online problems