Guardian Soulmates users are being targeted with sexually explicit spam emails after their data was leaked. The email addresses and Soulmates usernames were hacked by a third-party from online dating service which has been running since 2004. The security flaw has now been fixed, however the flaw made it possible to find Soulmates members’ online dating profiles publicly. No other personal information, including dates of birth or credit card details, was exposed in the data leak.
Hiwot Mendahun, cybersecurity analyst at email security firm Mimecast, commented:
“The Guardian Soulmates phishing attacks highlight how important it is for consumers to become more aware of the risks of providing details on the many services they sign up to.
It is not their fault at all but the more personal the information, the greater the risks of the data being used against them in highly targeted attacks in future.
Ask to have your data removed should you no longer want to it to be stored with a service or consider using a throwaway, disposable email address for less trusted sites rather than your main account.”