Timothy Pilgrim, Australian Privacy Commissioner reported that Cupid Media failed to secure the data on its websites and violated the Privacy Act. The unethical hackers attacked the online dating sites last year in January and pounced on the personal information of the users including the names, email addresses, passwords and birth dates.
The investigation of the incident found that the Cupid Media didn’t had any encryption in place for the passwords of its website users. This lack of responsibility while storing the important passwords of the users, is taken as the reason behind the incident.
"Password encryption is a basic security strategy that may prevent unauthorised access to user accounts," Commissioner Pilgrim said. Cupid Media stored the passwords insecurely in plain simple text, thus putting them at a very high risk of being stolen.
Cupid Media has not destroyed the personal information of its users in the right manner, said Commissioner Pilgrim. "Holding onto old personal information that is no longer needed does not comply with the Privacy Act and needlessly places individuals at risk," he said. As per the legal perspective, the organisations need to identify the outdated and non-essential personal information and should have a sound system for disposing off the same securely.