always always Check aim scientists prove how a hacker may have accessed usersвЂ™ sensitive data вЂ“ full profile details, personal communications, pictures and email addresses вЂ“ on OkCupid, the leading free online dating sites platform
SAN CARLOS, Calif (GLOBE NEWSWIRE) — always check Point analysis, the Threat Intelligence supply of Check Point В® Software Technologies Ltd. (NASDAQ: CHKP), a number one provider of cyber safety solutions globally, recently identified and helped mitigate a few protection flaws on OkCupidвЂ™s site and mobile application. If exploited, the weaknesses will have permitted a hacker to access and take the personal information of OkCupid users, and deliver communications from their account without usersвЂ™ knowledge.
Launched, OkCupid has become one of several leading free internet dating services globally with more than 50 million new users and found in 110 nations. 91 million connections had been made through the web web site yearly, with on disney dating apps average 50,000 times arranged each week. Through the Covid-19 pandemic, OkCupid has seen a 20% upsurge in conversations. Nevertheless, the detail by detail private information submitted by users additionally makes online dating sites solutions objectives for threat actors, either for targeted assaults, and for offering on to many other hackers.
always always always Check aim scientists demonstrated that the vulnerabilities in OkCupidвЂ™s application and web site could provide a hacker use of a userвЂ™s full profile details, personal communications, intimate orientation, individual details, and all sorts of presented responses to OkCupidвЂ™s profiling concerns. The flaws would likewise have enabled the hacker to govern the mark userвЂ™s profile information and deliver brand brand brand new communications with other users from their account вЂ“ enabling the hacker to impersonate the genuine individual for further fraudulent or harmful tasks.
Scientists detailed the three-step attack method which may have enabled a hacker to focus on users:
- The hacker produces a malicious website link containing a targeted payload that initiates the assault
- The hacker delivers the web link into the target that is intended or posts it in a general general general general public forum for users to click
- After the target clicks the hyperlink to start it, the code that is malicious performed, offering the hacker use of the targetвЂ™s account
Oded Vanunu, Head of items Vulnerability analysis at Check aim, stated: вЂњOur research into OkCupid, which can be probably one of the most popular platforms that are dating has raised some severe concerns within the safety of all of the dating apps and web sites. We demonstrated that usersвЂ™ private details, communications and pictures might be accessed and manipulated with a hacker, therefore every designer and individual of a app that is dating pause to think about the amount of safety all over intimate details and pictures which they host and share on these platforms. Fortunately, OkCupid reacted to your findings instantly and responsibly to mitigate these weaknesses to their mobile software and web site.вЂќ
always Check Point scientists responsibly disclosed their findings to OkCupid. OkCupid acknowledged and fixed the protection flaws with its servers, therefore users don’t need to simply just just simply take any action. After the disclosure and repairing associated with the vulnerabilities, OkCupid issued this statement: вЂњCheck Point Research informed OkCupid developers in regards to the weaknesses exposed in this research and a remedy had been responsibly implemented to make sure its users can properly keep using the app that is okCupid. Perhaps perhaps maybe Not just a solitary individual ended up being influenced by the possibility vulnerability on OkCupid, and now we could actually correct it within 48 hours. We are grateful to lovers like Check aim whom with OkCupid, place the privacy and safety of our users first.вЂќ
For information on the weaknesses and a video clip showing the way they might be exploited.
About Check Point analysis Check aim analysis provides leading cyber hazard intelligence to check on Point computer Software clients therefore the greater cleverness community. The study group collects and analyzes international cyber-attack information saved on ThreatCloud to keep hackers from increasing, while ensuring all Check Point items are updated utilizing the latest defenses. The research group is comprised of over 100 analysts and scientists cooperating along with other protection vendors, police and different CERTs.