OkCupid dating app vulnerable to cyber attack: Check Point

Last Updated 30 July 2020, 12:01 IST

Cyber security researchers of Check Point have uncovered several serious vulnerabilities in the online dating website and the mobile apps of OkCupid. These loopholes could have helped hacker access to a user’s full profile details, private messages, sexual orientation, personal addresses, and all submitted answers to OkCupid’s profiling questions.

Here's how hackers could have taken over OkCupid user's account

Firstly, the threat actor would develop an URL link with malicious code and send it victims on a public forum like a social media site and if the person takes the bait, the payload attached to the URL gets into action and starts retrieving data. And, also the cybercriminals can take over the account and send messages with the victim ever knowing about it.

It can be noted that OkCupid has over 10 million downloads on Google Play and roughly 50 million users since its launch. In 2019, OkCupid supported 91 million connections, with 50 thousand dates being made per week. Due to the coronavirus pandemic, the dating website has seen a 20% increase in conversations and a 10% increase in matches worldwide.

Fortunately, before the hackers could get the whiff of the vulnerabilities in the OkCupid, Check Point researchers promptly disclosed their findings to the dating service provider.

“Our research into OkCupid, which is one of the longest-standing and most popular applications in their sector, has led us to raise some serious questions over the security of dating apps. The fundamental questions being: how safe are my intimate details on the application? How easily can someone I don’t know access my most private photos, messages, and details? We’ve learned that dating apps can be far from safe. Every maker and user of a dating app should pause for a moment to reflect on what more can be done around security, especially as we enter what could be an imminent cyber pandemic. Applications with sensitive personal information, like a dating app, have proven to be targets of hackers, hence the critical importance of securing them,” said Oded Vanunu, Head of Products Vulnerability Research at Check Point.

Taking note of the seriousness of the issue, OkCupid immediately went to action and fixed the security flaws in their servers within 48 hours.

Last week, Garmin suffered a major ransomware attack. Due to the service outage, consumers are not able to connect their fitness trackers to Garmin Connect nor able to use the GPS services.

It has come to light the Maksim Viktorovich Yakubets, a 33-year-old Russian hacker, believed to be the head of Russian hacking group Evil Corp is responsible for the Garmin's current predicament.

Read more | Garmin still down, struggles to fight back ransomware attack

Get the latest news on new launches, gadget reviews, apps, cyber security, and more on personal technology only on DH Tech.

(Published 30 July 2020, 12:01 IST)

Follow us on