OkCupid Vulnerabilities Found That May Have Let Hackers Entry Private Particulars of On-line Daters

Safety researchers recognized a number of vulnerabilities on the Net and cellular platforms of on-line relationship website OkCupid that might have allowed hackers to steal consumer personal knowledge of customers. The info might embody full profile particulars, personal messages, sexual orientation, private addresses, and even all submitted solutions to OkCupid’s profiling questions. The crew at OkCupid is claimed to have fastened the issues inside 48 hours of receiving their particulars. It has additionally acknowledged that the vulnerabilities have not impacted any of its customers.

Researchers at Verify Level Analysis disclosed the vulnerabilities in OkCupid that might have allowed hackers to achieve consumer knowledge entry. The analysis work occurred by the OkCupid Android app model 40.three.1 on Android 6.zero.1. Upon reverse engineering the cellular app, the researchers found “deep hyperlinks” performance that might present backdoor entry to hackers to ship malicious hyperlinks.

Whereas testing the cellular app, the researchers’ crew was additionally capable of finding the OkCupid main area susceptible to cross-site scripting (XSS) assaults. Each these loopholes could possibly be mixed to let a hacker ship specifically crafted hyperlinks to customers and steal their private knowledge.

The researchers mentioned that on the time of their testing, they noticed that the server responded with all the data relating to the sufferer’s profile, together with e mail, and household standing.

“Performing actions on behalf of the sufferer can also be doable as a result of exfiltration of the sufferer’s authentication token and the customers’ ID,” the researchers famous in a weblog.

Moreover, Verify Level researchers discovered a misconfigured Cross-Origin Useful resource Sharing (CROS) coverage in an API server of OkCupid. It might permit hackers to even filter consumer knowledge from the profile API endpoint and allow them to learn sufferer’s private conversations.

“Not a single consumer was impacted by the potential vulnerability on OkCupid, and we have been capable of repair it inside 48 hours,” OkCupid responded to Verify Level on its discovery.

On-line relationship has reached new ranges as a result of coronavirus outbreak that has introduced restrictions in assembly folks bodily. OkCupid itself has additionally seen as a lot as 20 % enhance in conversations and 10 % enhance in matches globally. Nonetheless, there are some references displaying that folks assembly on-line aren’t that protected as a result of potential vulnerabilities and rising quantities of knowledge breaches.

In 2020, will WhatsApp get the killer characteristic that each Indian is ready for? We mentioned this on Orbital, our weekly expertise podcast, which you’ll subscribe to by way of Apple Podcasts or RSS, obtain the episode, or simply hit the play button beneath.