Latest in Gear

Image credit: solar22 via Getty Images

OKCupid security flaws could have given hackers access to user accounts

OKCupid fixed the flaws and says no users were impacted.
129 Shares
Share
Tweet
Share

Sponsored Links

Girl have been deception from cyber criminals. he flirts with her by means of delivers flowers.
solar22 via Getty Images

The data contained in dating apps is both very personal and valuable to hackers, who can use it to make highly convincing cyberattacks. So it’s always disturbing to learn about dating app security flaws. In a report released today, security research firm CheckPoint Research announced that it found several security vulnerabilities in OKCupid’s website and mobile apps. The flaws could have allowed hackers to access users’ full profile details, private messages, personal addresses and more. Hackers could even send messages from their victims’ profiles.

Taking advantage of the security flaws CheckPoint Research discovered, a hacker could have posed as a user and sent a malicious link to victims or public forums. If users clicked on the link, the malicious code would give the hackers access to and control of their victims’ accounts.

CheckPoint disclosed its findings to OKCupid, and developers have fixed the flaws within 48 hours. Fortunately, OKCupid says no users were impacted by the vulnerabilities. But as CheckPoint points out, this is a reminder that, while dating apps contain sensitive and personal information, they may not be as safe as we’d like.

“Our research into OKCupid, which is one of the longest-standing and most popular applications in their sector, has led us to raise some serious questions over the security of dating apps,” CheckPoint said in a statement. “The fundamental questions being: how safe are my intimate details on the application? How easily can someone I don’t know access my most private photos, messages and details?”

OKCupid has also fought spam messages, and its peer apps have battled everything from catfishing to creeps. Bumble asks users to verify their identities with selfies. Earlier this year, a study accused Grindr, OKCupid and Tinder of sharing sensitive data. OKCupid specifically was accused of sending data on drug use, ethnicity and political views to the analytics firm Braze.

In a statement shared by CheckPoint Research, OKCupid said:

“Check Point Research informed OkCupid developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users can safely continue using the OkCupid app. Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours. We're grateful to partners like Check Point who with OkCupid, put the safety and privacy of our users first.” 

All products recommended by Engadget are selected by our editorial team, independent of our parent company. Some of our stories include affiliate links. If you buy something through one of these links, we may earn an affiliate commission.
Comment
Comments
Share
129 Shares
Share
Tweet
Share

Popular on Engadget

Engadget's 2020 Back-to-School Guide

Engadget's 2020 Back-to-School Guide

View
NVIDIA is teasing something big for August 31st

NVIDIA is teasing something big for August 31st

View
'Xbox Series S' console revealed by controller packaging

'Xbox Series S' console revealed by controller packaging

View
Space Force official logo and motto unveiled

Space Force official logo and motto unveiled

View
Watch AI-controlled virtual fighters take on an Air Force pilot on August 18th

Watch AI-controlled virtual fighters take on an Air Force pilot on August 18th

View

From around the web

Page 1Page 1ear iconeye iconFill 23text filevr