OKCupid security flaws could have given hackers access to user accounts

OKCupid fixed the flaws and says no users were impacted.

solar22 via Getty Images

The data contained in dating apps is both very personal and valuable to hackers, who can use it to make highly convincing cyberattacks. So it’s always disturbing to learn about dating app security flaws. In a report released today, security research firm CheckPoint Research announced that it found several security vulnerabilities in OKCupid’s website and mobile apps. The flaws could have allowed hackers to access users’ full profile details, private messages, personal addresses and more. Hackers could even send messages from their victims’ profiles.

Taking advantage of the security flaws CheckPoint Research discovered, a hacker could have posed as a user and sent a malicious link to victims or public forums. If users clicked on the link, the malicious code would give the hackers access to and control of their victims’ accounts.

CheckPoint disclosed its findings to OKCupid, and developers have fixed the flaws within 48 hours. Fortunately, OKCupid says no users were impacted by the vulnerabilities. But as CheckPoint points out, this is a reminder that, while dating apps contain sensitive and personal information, they may not be as safe as we’d like.

“Our research into OKCupid, which is one of the longest-standing and most popular applications in their sector, has led us to raise some serious questions over the security of dating apps,” CheckPoint said in a statement. “The fundamental questions being: how safe are my intimate details on the application? How easily can someone I don’t know access my most private photos, messages and details?”

OKCupid has also fought spam messages, and its peer apps have battled everything from catfishing to creeps. Bumble asks users to verify their identities with selfies. Earlier this year, a study accused Grindr, OKCupid and Tinder of sharing sensitive data. OKCupid specifically was accused of sending data on drug use, ethnicity and political views to the analytics firm Braze.

In a statement shared by CheckPoint Research, OKCupid said:

“Check Point Research informed OkCupid developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users can safely continue using the OkCupid app. Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours. We're grateful to partners like Check Point who with OkCupid, put the safety and privacy of our users first.”