In July 2015, a cyber attacker group called Impact Team stole the controversial dating site's user database by identifying weaknesses in password encryption and used these to crack the bcrypt-hashed passwords to gain access.
The attackers tried to blackmail the company's parent company into taking the site down. After the company failed to take their website offline, and the hackers released everything, which included personal information including physical addresses for 37 million users. The group followed up by releasing a larger dump of corporate emails from the parent company, including the CEO's. He resigned shortly after.
There were real-world impacts from this breach, for instance, some of users implicated killed themselves shortly after being found in the database.
The company faced numerous class-action lawsuits from customers whose identities were exposed and in December 2016, the U.S. Federal Trade Commission applied a $1.66 million penalty to settle their investigation into lax data security and deceptive practices at the company.
Want to discuss this case? We're offering a FREE 20 minute phone consultation to discuss this case and the implications it has for your organisation. Just select the time and date that works for you:
If you'd rather we did the heavy lifting in developing a cyber incident response plan or lessons learnt training for your organisation underpined by our unique insight into the challenges faced and strategies implemented by organisations countering today's cyber security threats then please contact us here.