50 million OKCupid users at risk due to security flaws — what to do now
50 million OKCupid users at risk due to security flaws — what to do now
OkCupid, one of the world's nigh popular online dating services, has been left vulnerable to the threat of hacking every bit a result of several security flaws.
Researchers at cybersecurity firm Check Bespeak discovered a range of dangerous flaws in the website and mobile app of the online dating service, which is used by more than 50 million people globally.
- The best antivirus software to keep you and your devices safe
- VPN: add an extra layer of security with a virtual private network
- Just In: Disney, Microsoft, Nintendo and more hit by source code leak
Data on daters
Past leveraging these vulnerabilities, a hacker would take been able to view personal information such as full profiles, messages, email addresses, sexual orientation and other details that users input as part of OkCupid's profiling process.
The flaws would have also allowed a cybercrook to conduct myriad hostile actions, similar "manipulating user profile data and sending messages" from a users' business relationship -- all without them knowing.
Check Point explained that a hacker could practise these things by injecting malicious lawmaking into the back cease of the OkCupid website and mobile apps.
Uncomplicated steps
As part of this process, the hacker would have had to create a "unmarried, malicious link" that would be distributed to users of the online dating service.
A successful alienation would have been a case of following three relatively simple steps, which are every bit follows:
- Threat actor generates a link containing a payload that initiates the attack
- Threat actor sends the link to the victim, or publishes it in a public forum
- Once the victim touches or clicks the link, the malicious code is executed, resulting in data exfiltration
Check Bespeak said this set on "enables an attacker to masquerade as a victim user, to carry out any actions that the user is able to perform, and to access whatever of the user's data".
Oded Vanunu, head of products vulnerability enquiry at Check Bespeak, said: "Our enquiry into OKCupid, which is ane of the longest-standing and most pop applications in their sector, has led us to heighten some serious questions over the security of dating apps.
"The fundamental questions beingness: how safe are my intimate details on the application? How hands can someone I don't know admission my nearly private photos, messages and details? We've learned that dating apps can be far from prophylactic.
"Every maker and user of a dating app should interruption for a moment to reflect on what more than tin be done effectually security, peculiarly as nosotros enter what could be an imminent cyber pandemic. Applications with sensitive personal information, like a dating app, have proven to be targets of hackers, hence the critical importance of securing them."
Taking activity
Since discovering the flaws, Check Signal researchers have reported them to OKCupid and the dating site has issued fixes.
OKCupid said: "Check Point Research informed OkCupid developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users tin safely continue using the OkCupid app.
"Not a single user was impacted past the potential vulnerability on OkCupid, and we were able to fix information technology within 48 hours. We're grateful to partners like Check Point who with OkCupid put the safety and privacy of our users beginning."
This isn't the get-go time that a dating website has been breached and seen user data put at the mercy of threat actors.
To stay one step ahead of cybercrooks, yous should generate strong passwords, ask yourself if you're potentially sharing as well much personal information online, only use reputable apps and download an antivirus solution.
- More: Stay bearding without the spend with a cheap VPN
Source: https://www.tomsguide.com/news/okcupid-security-flaws
Posted by: barronboremat.blogspot.com

0 Response to "50 million OKCupid users at risk due to security flaws — what to do now"
Post a Comment