NEW DELHI: OkCupid, an online dating app with over 50 million registered users, has said vulnerabilities on its platform have been fixed and no subscriber account has been compromised. Researchers at Check Point have identified several vulnerabilities in the app that could have compromised sensitive and private data, including full profile details, private messages and email addresses of users.
“Check Point Research informed OkCupid developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users can safely continue using the OkCupid app. Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours,” the company said in a statement.
According to researchers at Check Point, attackers could have exploited the vulnerabilities to execute malicious code into the dating platform’s web and mobile app.
Researchers said, to carry out an attack, hackers would first generate a malicious link containing a payload and then send it to an unsuspecting OkCupid user. If the user taps on the link, the malicious code will be executed and the attacker will gain access to his/her account. The actual user will remain unaware while the attacker can see private messages and other personal data.
“Our research into OkCupid has led us to raise some serious questions over the security of dating apps. Every maker and user of a dating app should pause for a moment to reflect on what more can be done around security, especially as we enter what could be an imminent cyber pandemic,” Oded Vanunu, head of Products Vulnerability Research at Check Point said in a statement.
This isn’t the first instance when dating platforms have been found to be lax on the security front.
In 2018, security researchers at Appsecure had found a flaw that could be exploited to gain access into Tinder accounts of any user through their phone number. The vulnerability was later fixed. In the same year, another researcher had found that Tinder wasn’t encrypting photos shared between users and could have been intercepted by people on the same network. This was also fixed soon after by the company.
The biggest data breach involving a dating platform is the 2015 attack on extra marital affair platform Ashley Madison in which hackers stole 32 million records.