OkCupid Vulnerabilities Discovered That Could Have Let Hackers Access Personal Details of Online Daters 5jh50 Technology News

Security researchers at Check Point Research found security issues through the OkCupid Android app version 40.3.1 on Android 6.0.1. 4p23m

By Jagmeet Singh | Updated: 29 July 2020 19:17 IST

OkCupid has seen some growth in engagements during the coronavirus outbreak 5d4c4p

Highlights

OkCupid website and mobile app were found to have serious issues
The dating platform claimed it fixed the flaws within 48 hours
OkCupid assured that no has been impacted by the issues

ment

Security researchers identified multiple vulnerabilities on the Web and mobile platforms of online dating site OkCupid that could have allowed hackers to steal private data of s. The data could include full profile details, private messages, sexual orientation, personal addresses, and even all submitted answers to OkCupid's profiling questions. The team at OkCupid is claimed to have fixed the flaws within 48 hours of receiving their details. It has also stated that the vulnerabilities haven't impacted any of its s.

Researchers at OkCupid that could have allowed hackers to gain data access. The research work took place through the OkCupid Android app version 40.3.1 on Android 6.0.1. Upon reverse engineering the mobile app, the researchers discovered “deep links” functionality that could provide backdoor access to hackers to send malicious links.

While testing the mobile app, the researchers' team was also able to find the OkCupid primary domain vulnerable to cross-site scripting (XSS) attacks. Both those loopholes could be combined to let a hacker send specially crafted links to s and steal their personal data.

The researchers said that at the time of their testing, they saw that the server responded with all the information regarding the victim's profile, including email, and family status.

“Performing actions on behalf of the victim is also possible due to the exfiltration of the victim's authentication token and the s' ID,” the researchers noted in a blog.

Additionally, Check Point researchers found a misconfigured Cross-Origin Resource Sharing (CROS) policy in an API server of OkCupid. It could allow hackers to even filter data from the profile API endpoint and let them read victim's personal conversations.

“Not a single was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours,” OkCupid responded to Check Point on its discovery.

Online dating has reached new levels due to the coronavirus outbreak that has brought restrictions in meeting people physically. OkCupid itself has also noticed as much as 20 percent increase in conversations and 10 percent increase in matches globally. However, there are some references showing that people meeting online aren't that safe due to potential vulnerabilities and growing amounts of data breaches.

In 2020, will WhatsApp get the killer feature that every Indian is waiting for? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, the episode, or just hit the play button below.

Comments

For the latest reviews, follow Gadgets 360 on X, Facebook, WhatsApp, Threads and Google News. For the latest videos on gadgets and tech, subscribe to our YouTube channel. If you want to know everything about top influencers, follow our in-house Who'sThat360 on Instagram and YouTube.