Check aim researchers display how a hacker may have accessed usersвЂ™ sensitive data вЂ“ full profile details, personal communications, pictures and email addresses вЂ“ on OkCupid, the leading free online dating sites platform
Check Point Research, the Threat Intelligence supply of Check PointВ® Software Technologies Ltd. (NASDAQ: CHKP), a number one provider of cyber safety solutions globally, recently identified and helped mitigate a few protection flaws on OkCupidвЂ™s site and mobile application. If exploited, the weaknesses will have permitted a hacker to access and take the personal data of OkCupid users, and deliver communications from their account without usersвЂ™ knowledge.
Launched in 2004, OkCupid has become among the leading online that is free services globally with more than 50 million new users and utilized in 110 nations. In 2019, 91 million connections had been made via the web web site yearly, with on average 50,000 times arranged each week. Through the pandemic, OkCupid has seen a 20% upsurge in conversations. Nonetheless, the step-by-step information that is personal submitted by users additionally makes online dating sites solutions objectives for threat actors, either for brazilcupid targeted assaults, and for attempting to sell on to many other hackers.
always always Check aim scientists demonstrated that the vulnerabilities in OkCupidвЂ™s application and site could offer a hacker use of a userвЂ™s full profile details, personal communications, intimate orientation, individual details, and all sorts of presented responses to OkCupidвЂ™s profiling concerns. The flaws would likewise have enabled the hacker to govern the goal userвЂ™s profile information and deliver brand new messages with other users from their account вЂ“ enabling the hacker to impersonate the genuine individual for further fraudulent or harmful tasks.
Scientists detailed the three-step attack method which will have enabled a hacker to focus on users:
- The hacker creates a harmful website link containing a targeted payload that initiates the assault
- The hacker delivers the web link towards the intended target, or posts it in a general general general public forum for users to select
- When the target clicks the web link to open up it, the code that is malicious performed, offering the hacker usage of the targetвЂ™s account
Oded Vanunu, Head of items Vulnerability analysis at Check aim, stated: вЂњOur research into OkCupid, which can be the most popular platforms that are dating has raised some severe concerns within the protection of all of the dating apps and internet sites. We demonstrated that usersвЂ™ private details, communications and pictures could possibly be accessed and manipulated by a hacker, therefore every designer and individual of the dating application should pause to think about the amount of safety round the intimate details and pictures which they host and share on these platforms. Thankfully, OkCupid reacted to the findings instantly and responsibly to mitigate these weaknesses on the mobile software and site.вЂќ
Check aim scientists responsibly disclosed their findings to OkCupid. OkCupid acknowledged and fixed the safety flaws with its servers, therefore users don’t need to just simply simply take any action. After the disclosure and fixing of this vulnerabilities, OkCupid issued this statement: вЂњCheck Point Research informed OkCupid developers in regards to the weaknesses exposed in this research and an answer ended up being responsibly implemented to make sure its users can properly carry on making use of the OkCupid software. Maybe perhaps Not just an user that is single influenced by the possible vulnerability on OkCupid, so we had the ability to correct it within 48 hours. WeвЂ™re grateful to lovers like Check aim who with OkCupid, place the security and privacy of y our users first.вЂќ
For information on the weaknesses and a video clip showing the way they might be exploited, see
About Check Aim Analysis
Always check aim analysis provides cyber that is leading intelligence to test Point computer computer Software clients and also the greater cleverness community. The study group collects and analyzes worldwide cyber-attack data saved on ThreatCloud to keep hackers from increasing, while ensuring all Check Point items are updated aided by the latest defenses. The research group consist of over 100 analysts and scientists cooperating along with other protection vendors, police force and various CERTs.
About Check Aim Computer Software Technologies Ltd.