Guardian Soulmates website suffers data breach

Those looking for love on Guardian Soulmates have instead found explicit emails in their inboxes following a data breach.

Guardian News & Media, parent company of the dating site, ruled out any outside hack, instead blaming it on human error by one of its third party technology providers.

A spokesperson said: "We take matters of data security extremely seriously and have conducted thorough audits of all our internal systems and are confident that no outside party breached any of these systems.

"Our ongoing investigations point to a human error by one of our third party technology providers, which led to an exposure of an extract of data. This extract contained only members' email addresses and user ID which can be used to find members' publicly available online profiles."

It received 27 enquiries from their members showing evidence that their email addresses used in connection with their Soulmates account had been exposed.

One, who wished to remain anonymous, told the BBC: "I basically had been receiving spam ... directly referencing information that could only have come from the Soulmates database." Another said they had received sexually explicit emails as a result.

The incidents appear to have taken place last year, but one speaking to the BBC did not get a response from Guardian News & Media until last month.

Marco Cova, senior security researcher at malware specialist Lastline, said: "This breach is good reminder that every breach reveals data that criminals can use to launch additional attacks. They merge data from multiple sources, building dossiers on potential victims, including spear phishing targets.

"The information that they gather does not have to be highly confidential in order to create successful attacks. Every breach is a reminder of the importance of strong authentication measures in both personal and professional devices, networks, and web applications."

Guardian News & Media added that appropriate measures have been taken to ensure it doesn't happen again and advised that if any members are concerned they should contact support@guardiansoulmates.com.

The company also highlighted that no personal data such as credit card details or dates of birth were compromised.

This is only the latest in a long line of online dating website breaches. Ashley Madison was attacked in July 2015 and revealed the sensitive data of 37 million people, although part of the motive behind the attack was to out and shame cheaters who were supposedly using the site for extra-marital affairs.

The Muslim Match dating website was also hacked, spilling 150,000 credentials and private messages between users in 2016, as was AdultFriendFinder where over 412 million user accounts were exposed.

Main image source: Guardian Soulmates

WATCH: Learn more about the security threats facing businesses today and how to combat them in this free webinar WATCH NOW

Zach Marzouk

Zach Marzouk is a former ITPro, CloudPro, and ChannelPro staff writer, covering topics like security, privacy, worker rights, and startups, primarily in the Asia Pacific and the US regions. Zach joined ITPro in 2017 where he was introduced to the world of B2B technology as a junior staff writer, before he returned to Argentina in 2018, working in communications and as a copywriter. In 2021, he made his way back to ITPro as a staff writer during the pandemic, before joining the world of freelance in 2022.