Unauthorised activity affecting a small number of members
12 November 2018
We recently became aware of unauthorised activity that affected a small number of Recon members.
On Friday 9 November at 2:30pm UTC we became aware that spammers had gained unauthorised access to some of our members' accounts and used these accounts to send unsolicited messages to other members. These messages encouraged other members to visit a third-party website.
Our investigation has found that a total of 288 accounts were potentially accessed by these spammers. We have notified all members whose accounts were accessed as part of this incident.
How did this happen?
It's important to stress that there is no evidence to suggest that this was a breach of our database or that email addresses or passwords were obtained from our database.
Our investigation has shown a large number of login attempts from a small number of IP addresses (the unique internet address of a computer or mobile device). The quantity of these requests indicates it was an automated attack. The vast majority of those attempts failed, which indicates the spammers were attempting a brute-force login by trying common passwords, or passwords obtained from other companies.
This leads us to believe that the spammers had obtained a list of email addresses from a third party (for example, a data breach at an unrelated company), and that either that breach contained the same password or the spammers were able to match it to a set of common passwords.
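The pattern described above (many login attempts from a small number of IP addresses, almost all of them failures) can be checked for in authentication logs. The following is an added example, not Recon's code: the log format, thresholds and function names are assumptions, and the sample records are constructed.

```python
from collections import defaultdict

# Constructed sample records: (timestamp, source IP, account, outcome).
# The IPs come from documentation ranges; none of this is Recon data.
def build_sample_log():
    log = []
    for i in range(200):  # one source cycling through many accounts
        outcome = "success" if i in (17, 93, 151) else "failure"
        log.append((f"2018-11-09T13:{i // 4:02d}:00Z", "203.0.113.7",
                    f"user{i}@example.org", outcome))
    # An ordinary member who mistypes a password twice, then gets in.
    for n, outcome in enumerate(["failure", "failure", "success"]):
        log.append((f"2018-11-09T14:0{n}:00Z", "198.51.100.20",
                    "member@example.org", outcome))
    return log

def find_stuffing_sources(log, min_attempts=50, min_failure_ratio=0.9,
                          min_accounts=20):
    """Flag source IPs whose logins match the pattern described above:
    many attempts, mostly failures, spread across many different accounts.
    Returns {ip: sorted accounts that had a successful login from that ip}.
    Thresholds are assumed values and need tuning against real traffic."""
    attempts = defaultdict(int)
    failures = defaultdict(int)
    targeted = defaultdict(set)
    succeeded = defaultdict(set)
    for _ts, ip, account, outcome in log:
        attempts[ip] += 1
        targeted[ip].add(account)
        if outcome == "failure":
            failures[ip] += 1
        else:
            succeeded[ip].add(account)
    flagged = {}
    for ip, total in attempts.items():
        if (total >= min_attempts
                and failures[ip] / total >= min_failure_ratio
                and len(targeted[ip]) >= min_accounts):
            # Successes from a flagged source are the accounts to review.
            flagged[ip] = sorted(succeeded[ip])
    return flagged

if __name__ == "__main__":
    for ip, accounts in find_stuffing_sources(build_sample_log()).items():
        print(ip, "potentially accessed:", accounts)
```

Requiring many distinct accounts per source keeps a single member who repeatedly mistypes a password from being flagged.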
Have I been affected?
If your account has been compromised, you will already have been contacted by Recon Customer Support to explain how to reinstate your account. If your account is fully operational then you will not have been affected.
What is Recon doing about this?
We have reported the incident to the UK Information Commissioner's Office (ICO).
We have already implemented additional audit logs and active monitoring to alert us to any future attempts of a similar nature. We're also going to add some additional security measures to prevent this kind of abuse from re-occurring, but it will take us a little bit of time to fully implement these measures.
Recon and other dating and social networking sites are constantly under attack from malicious individuals. We have our own automated anti-abuse systems to detect and block such attempts, and these are continually being reviewed and updated to keep up with evolving malicious activity.
We are currently working with the 288 members to restore their accounts to working order.
Please reach out to our Customer Support department, firstname.lastname@example.org, if you would like to discuss this further.