OkCupid security bug could have leaked sensitive user data including profile details


According to Check Point Research, several security flaws were found in popular dating platform OkCupid’s website and mobile app that could have been used to steal the personal data of its users.

An estimated 50 million users have used OkCupid since it launched.

Academics at Check Point Research informed OkCupid developers about the security flaws.

Security researchers have identified several security flaws in popular dating platform OkCupid’s website and mobile app that could have been used to steal the private data of its users. The data accessible to a potential threat actor included full profile details, private messages, sexual orientation, personal addresses, and all submitted answers to OkCupid’s profiling questions, according to security researchers at Check Point Research.

It has been roughly estimated that OkCupid has had 50 million users since it launched. It is pertinent to note that during the coronavirus pandemic, OkCupid has seen a 20 per cent increase in conversations and a 10 per cent increase in matches globally.

“Check Point Research informed OkCupid developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users can safely continue using the OkCupid app. Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours. We’re grateful to partners like Check Point who, with OkCupid, put the safety and privacy of our users first,” the dating app said in a statement.

According to the security researchers at Check Point, to carry out an attack, hackers would first generate a malicious link with a payload and then send it to an unsuspecting user on the dating platform. The threat actor would also publish it in a public forum. Once a user or victim touches or clicks the link, the malicious code is executed, resulting in data exfiltration.

“Our research into OkCupid, which is one of the longest-standing and most popular applications in their sector, has led us to raise some serious questions over the security of dating apps. The fundamental questions being: how safe are my intimate details on the application? How easily can someone I don’t know access my most private photos, messages and details? We’ve learned that dating apps can be far from safe,” said Oded Vanunu, Head of Products Vulnerability Research at Check Point.

“Every maker and user of a dating app should pause for a moment to reflect on what more can be done around security, especially as we enter what could be an imminent cyber pandemic. Applications with sensitive personal information, like a dating app, have proven to be targets of hackers, hence the critical importance of securing them,” Vanunu added.

This is not new: OkCupid has earlier fought spam messages on the platform, and Bumble asked its users to verify their identities with selfies.
