50 Million OkCupid Users at Risk For Security Flaws - What To Do Now

50 Million OkCupid Users at Risk For Security Flaws - What To Do Now

OkCupid, one of the world's most popular online dating services, is vulnerable to hacking threats as a result of several security flaws.

Researchers at cybersecurity firm Check Point have discovered a variety of dangerous flaws in the website and mobile app of the online dating service used by more than 50 million people worldwide.

By exploiting these vulnerabilities, hackers were able to view personal information, including complete profiles, messages, email addresses, and sexual orientation, entered by users as part of OkCupid's profiling process.

The flaw also allows cybercriminals to conduct a myriad of hostile activities from a user's account, including "manipulating user profile data and sending messages." [Check Point explains that hackers can accomplish these acts by injecting malicious code into the back end of OkCupid's website and mobile apps.

As part of this process, hackers needed to create a "single malicious link" that would be distributed to users of the online dating service.

A successful intrusion required three relatively simple steps:

Check Point states that the attack "allows the attacker to impersonate the victim user, perform any action the user is capable of performing, and access any user data . and access any of the user's data.

Oded Vanunu, Check Point's head of product vulnerability research, stated: "OKCupid has one of the longest histories and most popular applications in the field.

"The fundamental question is: How secure is my intimate information on the application? How easy is it for someone I don't know to access my most private photos, messages, and details? We learned that dating apps can be far from safe.

"All makers and users of dating apps should pause for a moment to consider what more can be done about security, especially now that we may be entering an impending cyber pandemic. Applications that handle sensitive personal information, such as dating apps, are proven targets for hackers.

Since discovering the flaw, Check Point researchers have reported it to OKCupid and the dating site has announced a fix. [OKCupid stated: "Check Point Research has informed OKCupid's developers of the vulnerabilities uncovered in this investigation and has responsibly implemented a solution to ensure that users can continue to use the OkCupid app safely. [Not a single user was affected by the potential OkCupid vulnerability and we were able to fix it within 48 hours, and we are grateful to our partners like Check Point who, along with OkCupid, put the safety and privacy of their users first."

This is not the first time that dating sites have been compromised and user data has fallen into the hands of threat actors.

To stay one step ahead of cybercriminals, you need to create strong passwords, ask yourself if you are sharing too much personal information online, use only reputable apps, and download antivirus solutions.

Categories