banner



50 million OKCupid users at risk due to security flaws — what to do now

50 million OKCupid users at risk due to security flaws — what to do now

okcupid on a Samsung smarttphone
(Paradigm credit: Roman Pyshchyk / Shutterstock.com)

OkCupid, one of the world's nigh popular online dating services, has been left vulnerable to the threat of hacking every bit a result of several security flaws.

Researchers at cybersecurity firm Check Bespeak discovered a range of dangerous flaws in the website and mobile app of the online dating service, which is used by more than 50 million people globally.

  • The best antivirus software to keep you and your devices safe
  • VPN: add an extra layer of security with a virtual private network
  • Just In: Disney, Microsoft, Nintendo and more hit by source code leak

Data on daters

Past leveraging these vulnerabilities, a hacker would take been able to view personal information such as full profiles, messages, email addresses, sexual orientation and other details that users input as part of OkCupid's profiling process.

The flaws would have also allowed a cybercrook to conduct myriad hostile actions, similar "manipulating user profile data and sending messages" from a users' business relationship -- all without them knowing.

Check Point explained that a hacker could practise these things by injecting malicious lawmaking into the back cease of the OkCupid website and mobile apps.

Uncomplicated steps

As part of this process, the hacker would have had to create a "unmarried, malicious link" that would be distributed to users of the online dating service.

A successful alienation would have been a case of following three relatively simple steps, which are every bit follows:

  1. Threat actor generates a link containing a payload that initiates the attack
  2. Threat actor sends the link to the victim, or publishes it in a public forum
  3. Once the victim touches or clicks the link, the malicious code is executed, resulting in data exfiltration

Check Bespeak said this set on "enables an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access whatever of the user's data".

Oded Vanunu, head of products vulnerability enquiry at Check Bespeak, said: "Our enquiry into OKCupid, which is ane of the longest-standing and most pop applications in their sector, has led us to heighten some serious questions over the security of dating apps.

"The fundamental questions beingness: how safe are my intimate details on the application? How hands can someone I don't know admission my nearly private photos, messages and details? We've learned that dating apps can be far from prophylactic.

"Every maker and user of a dating app should interruption for a moment to reflect on what more than tin be done effectually security, peculiarly as nosotros enter what could be an imminent cyber pandemic. Applications with sensitive personal information, like a dating app, have proven to be targets of hackers, hence the critical importance of securing them."

Taking activity

Since discovering the flaws, Check Signal researchers have reported them to OKCupid and the dating site has issued fixes.

OKCupid said: "Check Point Research informed OkCupid developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users tin safely continue using the OkCupid app.

"Not a single user was impacted past the potential vulnerability on OkCupid, and we were able to fix information technology within 48 hours. We're grateful to partners like Check Point who with OkCupid put the safety and privacy of our users beginning."

This isn't the get-go time that a dating website has been breached and seen user data put at the mercy of threat actors.

To stay one step ahead of cybercrooks, yous should generate strong passwords, ask yourself if you're potentially sharing as well much personal information online, only use reputable apps and download an antivirus solution.

  • More: Stay bearding without the spend with a cheap VPN

Nicholas Fearn is a freelance technology journalist and copywriter from the Welsh valleys. His work has appeared in publications such as the FT, the Contained, the Daily Telegraph, The Side by side Web, T3, Android Central, Estimator Weekly, and many others. He likewise happens to exist a diehard Mariah Carey fan!

Source: https://www.tomsguide.com/news/okcupid-security-flaws

Posted by: barronboremat.blogspot.com

0 Response to "50 million OKCupid users at risk due to security flaws — what to do now"

Post a Comment

Iklan Atas Artikel

Iklan Tengah Artikel 1

Iklan Tengah Artikel 2

Iklan Bawah Artikel