OkCupid hack: don't accept links from strangers

With 16 years of activity behind it and over 50 million registered users worldwide, OkCupid is one of the most popular online platforms in terms of dating and dating. For an unspecified period, she was also vulnerable to a practice which, by simply sharing a link, allowed attackers to obtain personal and confidential information belonging to other members.

OkCupid between love and vulnerability

This is explained by Check Point researchers. The demonstration in the streaming video below that illustrates how simple it was to carry out the violation: it was sufficient to send a link created ad hoc via private message, perhaps incentivizing its opening by promising the birth of a long and romantic acquaintance. In doing so, however, the victim started the transmission of their data: place of residence, physical characteristics such as height and build, sexual preferences, political orientation, religious belief, passions, profession, habits related to smoking or alcohol, date of birth and more more.



Considering how the OkCupid managers themselves say that the service is used to organize about 50,000 meetings every week, it is not difficult to understand how large the audience of potential victims of the scam has been. The number has grown rapidly in the last period, thanks to the distancing measures that have strongly influenced the sociality of people: + 20% in the volume of conversations recorded globally and + 10% for that of the scheduled appointments.

vulnerabilities, reported by researchers from Check Point to the team at OkCupid and resolved before the publication of the report, have concerned, in particular Android apps of the service. Users are therefore invited to update them if you have not yet done so and, as recommended in the common sense, be wary of links received from unknown senders.

Source: Check Point Research