OKCupid security flaws could have given hackers access to user accounts

OKCupid security flaws could have given hackers access to user accounts

This also means that online dating platforms became another rich field for cybercriminals, so it is quite concerning when security researchers reported significant vulnerabilities found on the OkCupid app that caters to more than 50 million users. Through the vulnerabilities found on OKCupid's web and mobile platforms, Check Point researchers proved that a threat actor could have stolen the private data of an OKCupid user. The data could include full profile details, private messages, sexual orientation, personal addresses, and even all submitted answers to OkCupid's profiling questions.

During the reverse engineering process, Check Point researchers discovered that the app is opening a WebView (and enables JavaScript to execute in the context of the WebView window) and loads remote URLs such as https://OkCupid.com, https://www.OkCupid.com, and more.

Dating apps have for always been used as a replacement for the effort one may need to exert out in the physical world to find a suitable match. Hackers might even send out messages from their victims' profiles.

According to Engadget, OKCupid claims they have already fixed the flaws within 48 hours after being advised about the flaws. It has also stated that the vulnerabilities haven't impacted any of its users.


In the clip, the target just clicked on the link and all their data, including messages, went to the command-and-control server on the attacker's end. "The fundamental questions being: how safe are my intimate details on the application? We've learned that dating apps can be far from safe", said Oded Vanunu, head of products Vulnerability Research at Check Point.

OKCupid has also battled spam messages, and its peer apps have actually battled issues from catfishing to creeps. Bumble asks users to verify their identities with selfies.

"Our research into OkCupid has led us to raise some serious questions over the security of dating apps". Earlier this year, a study implicated Grindr, OKCupid and Tinder of sharing delicate data. OKCupid specifically was accused of sending data on drug use, ethnicity and political views to the analytics firm Braze.

In turn, OKCupid were quick to respond, reassuring users that no personal information was compromised as a result of the vulnerabilities. "We're grateful to partners like Check Point who with OkCupid, put the safety and privacy of our users first".

Related:

Comments

Latest news

Mertens disagrees with his president: Theres no problem playing in Barcelona
And Napoli are concerned over the safety of playing the match in Barca with De Laurentiis suggesting it should be moved to Portugal .

Fauci confident virus vaccine will get to Americans in 2021
The U.S. has done much to ramp up testing for COVID-19, Giroir said, administering more than 820,000 tests per day, on average. States reopening without following federal guidelines crafted with his input led to a surge in COVID-19 cases, Dr.

COVID Alert app is now available for download
Premier Doug Ford announced the release of Canada's new COVID-19 tracing app in Ontario on Friday. The federal government worked with Apple and Google on the technology underlying the app.

Jonathan Isaac stood for the anthem over religious beliefs
Magic and Nets players followed suit on Friday as the "Star-Spangled Banner" was played, but Isaac did not take part. Day, the Orlando Magic chose Jonathan Isaac to say a few words to fans before tipoff of a game at Amway Center.

Steve Smith: It’s disappointing that IPL 2020 is not in India
He became a household name a year ago following his half-century against Delhi Capitals. Guys are trying to get their cricket back.

Other news