
Not a great match: Israel researchers find hacking flaws in OkCupid dating app

Check Point cybersecurity researchers say vulnerabilities could have given hackers access to sensitive data; OkCupid says flaws now fixed and no users harmed

Shoshanna Solomon is The Times of Israel's Startups and Business reporter

Check Point researchers find vulnerabilities in OkCupid dating app (YouTube screenshot)

Researchers at cybersecurity firm Check Point Software Technologies Ltd. said Wednesday that they found vulnerabilities on the popular dating app OkCupid that could have given hackers access to sensitive data stored on the app.

The researchers said they informed OkCupid about the flaws, which have been fixed. OkCupid said that no users had been impacted by the potential vulnerability, which was fixed within 48 hours of notification. Users can safely continue to use the dating app, the Check Point researchers said in a statement.

OkCupid, a free online dating site, has over 50 million registered users, aged mainly between 25 and 34, with over 91 million connections made annually and 50,000 dates every week. The firm was the first major dating site in 2012 to become a mobile app.

OkCupid builds personal profiles for users based on the information they provide, so it can make the best match, or matches. An algorithm matches like-minded people with each other, and they can then start communicating via instant messaging.

These detailed personal profiles are unfortunately not just of interest to potential lovers.

“They’re also highly prized by hackers,” the Check Point researchers said in the statement, “as they’re the ‘gold standard’ of information either for use in targeted attacks, or for selling on to other hacking groups, as they enable attack attempts to be highly convincing to unsuspecting targets.”

The Check Point researchers said that the vulnerabilities found could potentially have allowed hackers to access sensitive information stored on the app, which would let them perform actions on behalf of the victim; steal users’ profile and private data, preferences and characteristics; and steal users’ authentication tokens, IDs, and other sensitive information such as email addresses.

Dating apps have become even more crucial these days, at a time when people have to implement social distancing because of the coronavirus, the researchers said.

“The dire need for privacy and data security becomes far more crucial when so much private and intimate information” is being stored, managed and analyzed in an app, they said in the statement. The app and website were “created to bring people together, but of course where people go, criminals will follow.”
