Passwords in plaintext? NOT OK, Cupid

“Encrypt passwords”: that's the message coming from Australia's privacy commissioner, at the conclusion of his investigation of the huge data breach of the Cupid Media dating operation in 2013. Among the 42 million customers whose data was exposed in the breach of the Queensland-headquartered company were 245,000 Australians, …

COMMENTS

This topic is closed for new posts.
  1. Steven Roper

    Ha, ha.

    Since OKCupid was the bunch that started the hate campaign against Mozilla ex-CEO Brendan Eich, that forced him to resign for exercising his right to hold a politically-incorrect opinion, I can't say I feel overly sorry for all those members whose security is thus compromised by OKCupid's incompetence. I guess karma's a bitch.

    Just to clarify: I personally have no problem with people's sexual choices as long as it's consensual. But I do have a problem when people see fit to ruin the lives of those who don't share their opinions, no matter how right you think you are.

    1. Midnight

      Re: Ha, ha.

      Cupid Media does run a lot of dating web sites, but OK Cupid isn't one of them.

    2. j.p

      Re: Ha, ha.

      I'm going to defer to others' advice that OKCupid is not in any way related to Cupid Media.

      I did want to comment however on the suggestion that OKCupid did the wrong thing (absolutely Eich would feel so) in exposing that he financially supported the repeal of equality laws.

      Every place along the spectrum between hetero - bi - homo - a-sexual is a place that a human being has a right to be and it is immoral to deny the right to enjoy all human rights (and associated legal privileges) regardless of gender, race, orientation and so on...

      If OKCupid had exposed Eich as having contributed to a NeoNazi political fund, and being forced to declare that (and his association with Mozilla), we would applaud OKCupid for exposing a vicious bigot, and we might enjoy him losing his highfalutin' job as a result of his immoral convictions.

      There is something nasty, narrow-minded and worthy of exposure in both as they exhibit a victimisation of fellow humans.

      Sure, when a person is saying that gay marriage shouldn't be permitted, I personally might not get the same self-righteous, angry ball in my stomach that comes when I see a Swastika on a car, however, I recognise that this is a) a matter of taste that one is less acceptable than the other and b) it is just a matter of time until the social reaction is precisely the same.

      While it might not be so right now we WILL in time see sexuality equal rights denial as being of the same severity as gender equality and other racial or cultural discrimination. Again, it's just a matter of time. Future generations will look at this aspect of our generation, with the same shame with which we look at our gender-discriminating forefathers.

      </rant>

      1. Steven Roper

        @j-p Re: Ha, ha.

        I get where you're coming from, and I agree that people deserve the right to choose who they want to marry and/or make love to.

        However, assembling internet lynch mobs - and make no mistake, "lynch mob" is exactly what this is - to destroy those who don't support their cause is NOT the way to go about it, no matter how right or true your cause may be to you.

        If Mr. Eich has broken any laws, then you take it to court and you discuss his actions in front of a judge. That is how we deal with these matters in a civilised society under the rule of law. If the laws are inadequate to criminalise his actions, then you take it to your politicians and campaign to get laws passed criminalising opposition to your cause. Then if he continues to oppose it in spite of the law, then you take it to court and you discuss it with a judge.

        Rousing up internet lynch mobs to destroy the lives of those whose political opinions differ from your own when they have committed no crime under the laws of the land is vigilante justice at best, and pitchfork-and-torches barbarism at its worst.

    3. Hans 1

      Re: Ha, ha.

      Even if it were, your "hate campaign" was merely a whistleblower activity, and OKCupid has nothing to do with the Cupid in question in this article.

      BTW, "ruin the lives of those who don't share their opinions" ??? WTF ????

      This guy has/had (not sure if he managed to get a brain-transplant) a deprecated mentality, he "openly donated" for his views to be defended, if that ruined his life, that's his fault, not OkCupid's or whoever forwarded that, again, "openly available info" to the world at large ... again, the idiot donated money to a "conservative" organization ... that alone should have caused his downfall, regardless of what agenda said conservative org was actually pushing for.

      I know, the Margaret Thatcher and Ronald Reagan fan clubs will downvote. Feel free!

  2. Martin Milan

    Not again...

    No, No, No No No No No!!!!

    DO NOT encrypt passwords.

    Hash 'n' salt, but do not encrypt!

    Why would you even want to be able to get back to the original password? Why even allow the possibility (that an attacker might get your key)?

  3. Anonymous Coward

    A better headline may be "Cupid Stunts"

    Enough said, I think...

  4. Anonymous Coward

    Our business model means we're too busy making money to give a flying f*ck about your security....

    As if we needed yet another reason to avoid these sites...

  5. JDoubler

    Even when you crypt it, or hash it, it stays a constant that you can log in with.

    It becomes different when the encryption is related to date and time. But then again it is never an absolute safety. Nothing on the internet can be made absolutely secure!

  6. Joseph Bryant

    Misleading headline

    The headline makes it sound like this is related to the excellent OkCupid website, whereas in fact Cupid Media is an unrelated group.


Biting the hand that feeds IT © 1998–2021