Krebs contacted Cupid Media on 8 November after seeing the 42 million entries – entries which, as shown in an image on the Krebsonsecurity site, show unencrypted passwords stored in plain text alongside customer passwords that the journalist has redacted.

Cupid Media subsequently confirmed that the stolen data appears to be related to a breach that occurred in January 2013.

Grandparent scam A telephone call is made to an elderly person with a family member who is supposedly in some kind of trouble, usually claiming to be a grandson or granddaughter.

Telemarketing fraud is fraudulent selling conducted over the telephone.

The term is also used for telephone fraud not involving selling.

Callers assume that the victim has a computer running a Microsoft Windows operating system (users of other operating systems, such as Linux, are a minority and are likely to be technically knowledgeable).

They will get the computer owner to give the caller remote access using a genuine networking service or website like or Team Viewer.

Older people are disproportionately targeted by fraudulent telemarketers and make up 80% of victims affected by telemarketing scams alone.

Older people may be targeted more because the scammer assumes they may be more trusting, too polite to hang up, or have a nest egg.

Given that the Cupid Media data set held email addresses and plaintext passwords, all the company has to do is set up an automatic login to Facebook using the identical passwords. To wit: “123456” was the password for 1,902,801 Cupid Media records.

And as one commenter on Krebs’s story noted, the password “aaaaaa” was employed in 30,273 customer records.

Callers assume that their targets have grandchildren and will usually have several other people in on the scam, such as a bail bondsman, the arresting police officer, a lawyer, a doctor at a hospital, or some other person.