The popular dating app Coffee Meets Bagel emailed users on February 14, 2019, to announce a recent data breach that will most likely lead to more spam, scams and junk mail for members this Valentine’s Day.
The data breach has implications for users of the site and it provides a reminder of how many types of sites, especially those that collect and process personal data, are vulnerable.
Commenting on the data breach, Jo O’Reilly, data privacy expert at BestVPN.com, tells Digital Journal: “Receiving an email from a dating app informing you that your personal details have been hacked, it’s not the quite the Valentine’s Day surprise that anyone was hoping for.”
O’Reilly, who has launched a “Valentine’s Day” report exploring Americans’ online dating habits, boils down to the risks associated with certain websites: “We all know online dating is fraught with risks, least of all you might end up getting your heart broken. One thing digital daters shouldn’t have to worry about, is the security of their data. This time Coffee Meets Bagel are adamant that it is only names and email addresses that have been stolen, but it could have been much worse.”
She adds further why a level of caution is necessary when using dating sites: “The very nature of dating apps means that when you sign up to one, you divulge the most personal of information in the hunt for a match. This can include intimate data such as your sexual orientation or tastes and even information about your career or personal income. If dating apps want to continue to play a pivotal role in the hunt for love in 2019, they need to wise up to the security risks of handling this quantity of sensitive data and ensure this doesn’t become a trend.”
Returning to the recent issue he charts what’s in store for those affected by the data breach: “For now, Coffee Meets Bagel users should be extra wary of any unsolicited email communication they may receive, and avoid clicking on any suspicious links.”
Digital Journal spoke with a second expert on the subject – Jessica Ortega, who is a website security analyst at SiteLock. She also notes how dating apps are a sensitive medium.
Ortega notes how the Coffee Meets Bagel announcement “indicates that user email addresses and full names, which is generally not considered to be particularly sensitive information, were breached. While a breach of full names is typically harmless, users can be sensitive about their presence on dating apps.”
She offers advice for those impacted: “Users impacted by the breach may want to consider changing the email address associated with important accounts or financial institutions if they were using that address for their Coffee Meets Bagel account. Additionally, it is always a best practice to update passwords associated with breached accounts to prevent bad actors from attempting password resets.”
In term of what similar companies should be doing, Ortega recommends: “For companies watching this breach and worried about their own security, it is important to implement proactive network monitoring for malicious activity such as files being downloaded from their servers and proactive website security like malware scanners that stop attackers from accessing critical information.”
And for when a cyber-incident occurs: “In the event of a breach, transparency and communication are paramount to a good response. Ensure customers are aware of their information being compromised and provide tools for helping them to protect themselves.”
