‘Human Error’ Leads To Guardian Soulmates Data Breach & Sexual Spam

Spammers have been hitting users of the Guardian Soulmates website with sexually explicit emails after their information was accidentally displayed on the site.

A victim of the dirty spam deluge tipped told the BBC that they had started to receive the explicit emails to an address they only used with the dating site run by The Guardian newspaper.

Another anonymous user told the broadcaster: “I basically had been receiving spam […] directly referencing information that could only have come from the Soulmates database,” said another affected user, who also wished to remain anonymous.

“It’s all information that I was happy to put online at one point anyway, but when it’s used outside of context like that it does feel a lot more creepy.”

The user apparently contacted Guardian Soulmates to inform it of the spam problem back in November 2016, only receiving confirmation of the data breach late in April.

Human error

The Guardian‘s publisher has blamed human error for the exposed emails, which would indicate that the breach was a back-office issue, now fixed, as opposed to a hacker exploiting a security hole.

“Our ongoing investigations point to a human error by one of our third-party technology providers, which led to an exposure of an extract of data,” a spokeswoman told the BBC.

“We can confirm we have received 27 enquiries from our members which show evidence of their email addresses used for their Soulmates account having been exposed,” she explained, noting that there was no indication that the data had been breached by an external party.

Guardian News & Media apologised for the breach and committed to review its processes and operations with third-party suppliers.

While spam filters can filter out unwanted emails, the IDs and email addressees of Guardian Soulmates users were revealed could be used by non-members of the site to find their profile and extract other more private information about them.

It is not yeat clear how many people have been affected by the data breach, but it would appear to be a smaller breach than the Ashley Madison ‘adultery site’ hack that triggered spam splurges, extortion by cyber criminals, and saw the CEO of the site’s parent  company step down.

Are you a security pro? Try our quiz!