Newsbytes
  • India
  • Business
  • World
  • Politics
  • Sports
  • Technology
  • Entertainment
  • Auto
  • Lifestyle
  • Inspirational
  • Career
  • Bengaluru
  • Delhi
  • Mumbai
  • Videos
  • Visual Stories
  • Reviews
  • Phone Reviews
  • Fitness Bands Reviews
  • Speakers Reviews
  • Find Cricket Statistics
Hindi
More
In the news
Elon Musk
Apple
Motorola
Newsbytes
Hindi
Newsbytes
User Placeholder

Hi,

Logout


India
Business
World
Politics
Sports
Technology
Entertainment
Auto
Lifestyle
Inspirational
Career
Bengaluru
Delhi
Mumbai
Videos
Visual Stories
Reviews
Phone Reviews
Fitness Bands Reviews
Speakers Reviews
Find Cricket Statistics

More Links
  • Videos

Download Android App

Follow us on
  • Facebook
  • Twitter
  • Linkedin
  • Youtube
 
Home / News / Technology News / Critical vulnerabilities risking private user data flagged in OkCupid
Technology

Critical vulnerabilities risking private user data flagged in OkCupid

Critical vulnerabilities risking private user data flagged in OkCupid
Written by Shubham Sharma
Jul 29, 2020, 11:31 pm 3 min read
Critical vulnerabilities risking private user data flagged in OkCupid

In a major shocker, security researchers have flagged critical vulnerabilities in OkCupid, a renowned online dating platform used by 50 million people around the world. The issues, as the experts explained, were detected in the apps and website of the service and opened a way for attackers to steal the private data of its users. Here's all about it.

Issue
Flaws posing threat to personal messages, dating preferences

During a recent investigation, the team from security firm Check Point Research looked into OkCupid and found a series of flaws in its apps and website. The bugs, they noted, could have been exploited by any sophisticated hacker to steal account data, from email to authentication tokens, of an OkCupid user as well as their profile data such as date preferences and personal messages.

Information
Other profile information also risked

In addition to dating preferences and messages, the flaws also opened a way to glean other intimate information related to the victim, including their age, location, religion, sexual orientation as well as professional background and the kind of lifestyle they prefer.

Demo
The team demonstrated the hack

Check Point even shared a video that demonstrated how the vulnerabilities in question could be exploited using a specially-crafted link. In the clip, the target just clicked on the link and all their data, including messages, went to the command-and-control server on the attacker's end. Theoretically, this link could be shared through a fake account or posted publicly to trick people into opening it.

Information
Partial account takeover was also possible

As the data at risk also included authentication tokens and user IDs, the researchers claimed that hackers could have used it for partial account takeovers and execute certain actions from the victims' accounts like sending messages.

Fix
OkCupid fixed the bugs soon after being informed

Soon after the issues came into the light, the team at Check Point got in touch with OkCupid and informed them about the problem and what is at stake. In a matter of 48 hours, the dating platform deployed a fix to close all the bugs for good. It also officially confirmed that none of its users were impacted by the flaws disclosed.

Quote
Here's what OkCupid said on the matter

"Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours. We are grateful to partners like Checkpoint who with OkCupid, put the safety and privacy of our users first."

Questions
Still, this raises major questions over safety of dating apps

While the issues were promptly fixed by OkCupid, the case raises major concerns around the safety of data that millions of people around the world entrust to leading dating platforms. These services have some really personal and intimate details, things which, if exposed or stolen, could easily be used for major social engineering-based cyber-attacks, even cases of blackmailing and extortion.

Share this timeline
Facebook
Whatsapp
Twitter
Linkedin
Shubham Sharma
Shubham Sharma
Twitter
Editor with over five years of experience in covering all things science, consumer tech, space tech, AI, infosec, and business. A commerce graduate from University of Lucknow. I have been handling Tech beat at NewsBytes since 2018.
Latest
OkCupid
Latest
Amy Satterthwaite announces retirement: Her career in numbers
Amy Satterthwaite announces retirement: Her career in numbers Sports
TikTok star Amreen Bhat shot dead, 10-year-old nephew sustains injuries
TikTok star Amreen Bhat shot dead, 10-year-old nephew sustains injuries Entertainment
5 popular tourist places in Mount Abu
5 popular tourist places in Mount Abu Lifestyle
2023 Maserati MC20 Cielo breaks cover with a 621hp powertrain
2023 Maserati MC20 Cielo breaks cover with a 621hp powertrain Auto
5 action movies of Kamal Haasan to watch before 'Vikram'
5 action movies of Kamal Haasan to watch before 'Vikram' Entertainment
OkCupid
#WeeklyRecap: Big Tech trial, CERT-In's warning, NASA's Mars mission, more
#WeeklyRecap: Big Tech trial, CERT-In's warning, NASA's Mars mission, more Technology
Facebook to PUBG, Army directs troops to delete 89 apps
Facebook to PUBG, Army directs troops to delete 89 apps India
Indians prefer "good sex" over partners' opinions on CAA-NRC: Survey
Indians prefer "good sex" over partners' opinions on CAA-NRC: Survey India
Not feeling safe on a date? Use Tinder's 'panic' button
Not feeling safe on a date? Use Tinder's 'panic' button Technology
Now, more people can use Facebook Dating: Here's how
Now, more people can use Facebook Dating: Here's how Technology
More News
Next News Article
Next News Article

Love Technology news?

Subscribe to stay updated.

Science Thumbnail
India News Business News World News Politics News Sports News Technology News Entertainment News Auto News Lifestyle News Inspirational News
Career News Bengaluru News Delhi News Mumbai News Mukesh Ambani Indian Premier League (IPL) Karnataka Samsung Xiaomi West Bengal
Bihar Virat Kohli Rohit Sharma Haryana Narendra Modi Arvind Kejriwal Tamil Nadu Gujarat Yogi Adityanath YouTube
Instagram Hollywood News Uttar Pradesh Kerala Netflix Bollywood News Mamata Banerjee Maruti Suzuki Rahul Gandhi Elon Musk
Shah Rukh Khan Chelsea FC OPPO Akhilesh Yadav Indian Cricket Team Apple Manchester United Salman Khan Cryptocurrency OnePlus
Amitabh Bachchan ICC Women's World Cup Vivo India vs Sri Lanka
About Us Privacy Policy Terms & Conditions Contact Us Ethical Conduct Grievance Redressal News News Archive Topics Archive IPL 2022 Schedule IPL 2022 Points Table Find Cricket Statistics
Follow us on
Facebook Twitter Linkedin Youtube
All rights reserved © NewsBytes 2022