OkCupid bugs could have let hackers compromise dating accounts, researchers warn

  • OkCupid bugs could have let hackers compromise dating accounts, researchers warn

OkCupid bugs could have let hackers compromise dating accounts, researchers warn

Researchers from Israeli cybersecurity company Check Point has uncovered vulnerabilities on the popular OKCupid dating app, the company announced on Wednesday.

"Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours", OKCupid wrote, adding that it is grateful to Check Point, who puts "the safety and privacy of our users first".

The bugs, they noted, could have been exploited by any sophisticated hacker to steal account data, from email to authentication tokens, of an OkCupid user as well as their profile data such as date preferences and personal messages. "The problem lies in several vulnerabilities in the official 'OkCupid" app, which isn't following the best practices for securing people's private data.

During a recent investigation, the team from security firm Check Point Research looked into OkCupid and found a series of flaws in its apps and website. Furthermore, according to OkCupid, all these flaws were fixed within 48 hours.

OkCupid users, on the other hand, should also be aware of the basic methods to protect themselves online. If users clicked on the link, the malicious code would give the hackers access to and control their victims' accounts.

Coming to the technical details, according to Check Point's blog post, these flaws were found by reverse-engineering the Android application of the company and then moving on to various other parts involved in the equation. However as CheckPoint explains, this is a reminder that, while dating apps consist of sensitive and personal info, they might not be as safe as we 'd like. "How easily can someone I don't know access my most private photos, messages and details?" Bumble asks users to confirm their identities with selfies.

"Every maker and user of a dating app should pause for a moment to reflect on what more can be done around security, especially as we enter what could be an imminent cyber pandemic", said Check Point researcher Oded Vanunu.

However, in January, a study by Norwegian Consumer Council accused OKCupid, along with Grindr and Tinder, of sharing sensitive data. Specifically, OkCupid was accused of sending data about drug use, political views, and ethnicity to Braze.

OkCupid has stated that they have discovered no actual cases of users being compromised through the identified and fixed chain of flaws, so allegedly, no actual harm was done.