Experts Reaction On OkCupid App & Web Security Flaws Discovered

The Check Point Research team reported a slew of flaws in OkCupid’s popular dating app that allowed attackers to collect users’ sensitive information, change their profiles, or even send messages from their profiles. Cybersecurity experts react to this research below.


EXPERTS COMMENTS
Chris Hauk, Consumer Privacy Champion, Pixel Privacy
July 30, 2020
Dating app users should carefully research any dating app's privacy policy before signing up.
Numerous dating apps have been found to have security flaws and to be collecting and sharing information about users' profiles, chat contents, and even their financial information. Dating app users should carefully research any dating app's privacy policy before signing up, and should only sign up for services that collect and share as little information as possible about their users. ....
Brian Higgins, Security Specialist, Comparitech.com
July 30, 2020
It’s extremely naive and dangerous to place all security responsibilities upon the platform provider and not take steps to protect yourself as well.
This story is rather alarmist as the vulnerabilities described have been fixed by OkCupid. In fact, they state that they were grateful for the information and took steps to mitigate the threats within 48 hours. Furthermore, it would appear there was no evidence to suggest any user data was breached. As a platform provider, they have acted swiftly and properly although they ought to have been check ....
Thomas Richards, Principal Consultant, Synopsys
July 30, 2020
Once an account is compromised, the attackers could use that account to facilitate additional compromise.
With the ability to send messages to users, the chances of social engineering within the application are high. There is both a mobile and web interface which gives attackers the possibility to script sending messages to various users with the aim of compromising user profiles. Setting up fake accounts with attractive photos has been used before in phishing attacks and could certainly be used again ....
John Kozyrakis, Senior Security Research Engineer, Synopsys
July 30, 2020
The Android app is configured to automatically open OkCupid-related URLs the user clicks on.
Like most XSS issues involving social engineering, an attacker would need to distribute a malicious link to users, and users would need to click on it. Normally this works only when the user is already logged in to a web application. In this case, the Android app is configured to automatically open OkCupid-related URLs the user clicks on. As such, if an attacker manages to send specially crafte ....