Security researchers have discovered multiple vulnerabilities in the web and mobile platforms of the online dating site OkCupid. These vulnerabilities could allow hackers to steal users’ private data, including complete personal information details, private messages, sexual orientation, personal addresses, and even all answers submitted to OkCupid's analysis questions. OkCupid’s team reportedly fixed the defects within 48 hours of receiving the detailed information. The company also pointed out that the vulnerabilities did not affect any of its users.
Researchers at Check Point Research disclosed the vulnerabilities in OkCupid that could allow hackers to gain access to user data. The research was conducted on version 40.3.1 of the OkCupid Android application, running on Android 6.0.1. After reverse engineering the mobile application, the researchers discovered its “deep link” feature, which can give hackers a backdoor for sending malicious links.
While testing the mobile application, the team of researchers was also able to discover that the OkCupid main domain is vulnerable to cross-site scripting (XSS) attacks. These two vulnerabilities can be combined to allow hackers to send specially crafted links to users and steal their personal data.
The researchers said that during the test, they found that the server responded with all of the victim’s personal data, including email and family status.
The researchers pointed out in their blog post: “Due to the disclosure of the victim’s authentication token and user ID, operations can also be performed on behalf of the victim.”
In addition, Check Point researchers discovered a misconfigured cross-origin resource sharing (CORS) policy in OkCupid’s API server. It could even enable hackers to exfiltrate user data from the profile API endpoint and read the victim’s personal conversations.
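The article does not say how the CORS policy was misconfigured. The added example below (not code from OkCupid or Check Point) assumes the common failure mode of echoing any `Origin` back while allowing credentials, and shows it beside an exact-match allowlist plus a small audit check. All hostnames and function names are constructed for illustration.

```javascript
// Added example: choosing CORS response headers for a credentialed JSON API.
// Hostnames are constructed placeholders, not OkCupid's real configuration.
const ALLOWED_ORIGINS = new Set([
  "https://www.example-dating.test",
  "https://m.example-dating.test",
]);

// Weak pattern (assumed failure mode): echo whatever Origin the browser sent
// and allow credentials, so any site the user visits can read API responses.
function corsHeadersReflecting(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened pattern: exact string match against a fixed allowlist.
// No prefix, suffix or regex matching, and the literal "null" origin is never allowed.
function corsHeadersAllowlist(requestOrigin) {
  // Vary: Origin is always set so caches never reuse one origin's grant for another.
  const headers = { Vary: "Origin" };
  if (typeof requestOrigin === "string" && ALLOWED_ORIGINS.has(requestOrigin)) {
    headers["Access-Control-Allow-Origin"] = requestOrigin;
    headers["Access-Control-Allow-Credentials"] = "true";
  }
  return headers;
}

// Audit check: true when a response grants credentialed cross-origin reads
// to an origin that is not on the allowlist.
function isOverPermissive(requestOrigin, responseHeaders) {
  const acao = responseHeaders["Access-Control-Allow-Origin"];
  const creds = responseHeaders["Access-Control-Allow-Credentials"] === "true";
  return creds && acao === requestOrigin && !ALLOWED_ORIGINS.has(requestOrigin);
}
```

Running `isOverPermissive` against recorded request/response header pairs from your own API is a quick regression check after any change to CORS handling.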
“No user was affected by a potential vulnerability on OkCupid, and we were able to fix it within 48 hours,” OkCupid responded to Check Point’s findings.
Online dating has reached a new level due to the coronavirus outbreak, which has put restrictions on meeting people. OkCupid itself also noticed a 20% increase in conversations worldwide and a 10% increase in competitions. However, some reports indicate that meeting people online is not safe, due to potential vulnerabilities and increasing data breaches.