OkCupid Vulnerabilities Discovered That Could Have Let Hackers Access Personal Details of Online Daters

Security researchers at Check Point Research found security issues through the OkCupid Android app version 40.3.1 on Android 6.0.1.

Advertisement
By Jagmeet Singh | Updated: 29 July 2020 19:17 IST
Highlights
  • OkCupid website and mobile app were found to have serious issues
  • The dating platform claimed it fixed the flaws within 48 hours
  • OkCupid assured that no user has been impacted by the issues

OkCupid has seen some growth in user engagements during the coronavirus outbreak

Security researchers identified multiple vulnerabilities on the Web and mobile platforms of online dating site OkCupid that could have allowed hackers to steal user private data of users. The data could include full profile details, private messages, sexual orientation, personal addresses, and even all submitted answers to OkCupid's profiling questions. The team at OkCupid is claimed to have fixed the flaws within 48 hours of receiving their details. It has also stated that the vulnerabilities haven't impacted any of its users.

Researchers at Check Point Research disclosed the vulnerabilities in OkCupid that could have allowed hackers to gain user data access. The research work took place through the OkCupid Android app version 40.3.1 on Android 6.0.1. Upon reverse engineering the mobile app, the researchers discovered “deep links” functionality that could provide backdoor access to hackers to send malicious links.

Advertisement

While testing the mobile app, the researchers' team was also able to find the OkCupid primary domain vulnerable to cross-site scripting (XSS) attacks. Both those loopholes could be combined to let a hacker send specially crafted links to users and steal their personal data.

The researchers said that at the time of their testing, they saw that the server responded with all the information regarding the victim's profile, including email, and family status.

Advertisement

“Performing actions on behalf of the victim is also possible due to the exfiltration of the victim's authentication token and the users' ID,” the researchers noted in a blog.

Additionally, Check Point researchers found a misconfigured Cross-Origin Resource Sharing (CROS) policy in an API server of OkCupid. It could allow hackers to even filter user data from the profile API endpoint and let them read victim's personal conversations.

Advertisement

“Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours,” OkCupid responded to Check Point on its discovery.

Online dating has reached new levels due to the coronavirus outbreak that has brought restrictions in meeting people physically. OkCupid itself has also noticed as much as 20 percent increase in conversations and 10 percent increase in matches globally. However, there are some references showing that people meeting online aren't that safe due to potential vulnerabilities and growing amounts of data breaches.


In 2020, will WhatsApp get the killer feature that every Indian is waiting for? We discussed this on Orbital, our weekly technology podcast, which you can subscribe to via Apple Podcasts or RSS, download the episode, or just hit the play button below.

 

Get your daily dose of tech news, reviews, and insights, in under 80 characters on Gadgets 360 Turbo. Connect with fellow tech lovers on our Forum. Follow us on X, Facebook, WhatsApp, Threads and Google News for instant updates. Catch all the action on our YouTube channel.

Advertisement

Related Stories

Popular Mobile Brands
  1. OpenAI Codex Micro Launched as a Keyboard Built for AI Coding Workflows
  2. Realme Could Replace Realme UI With ColorOS 17 in India
  3. OnePlus Phones Will Soon Run on ColorOS 17 Instead of OxygenOS
  4. Nubia NaviX Ultra Design, Colourways Unveiled Ahead of July 17 Launch
  5. Samsung Galaxy Z Fold 8's 'New Shape' Appears in a New Spider-Man Video
  1. Samsung Galaxy Tab S12 Ultra CAD Renders Leaked Online; Reveals Familiar Look
  2. Apple Back to School Sale Now Live in India, Bringing Offers on MacBook Air, iPad Pro and More
  3. Realme Could Replace Realme UI With ColorOS 17 in India: Report
  4. Nubia NaviX Ultra Design, Colour Options Unveiled Ahead of July 17 Launch
  5. Lenovo Legion Y700 Infinite Chipset Details Teased Officially; Key Specifications Tipped Online
  6. Bitcoin Holds Above $64,500 as Institutional Demand Remains Mixed
  7. Samsung and Spider-Man Come Together to Tease the ‘New Shape’ of the Next Galaxy Z Fold
  8. OnePlus Announces Transition from OxygenOS to ColorOS With Android 17; to Cease Europe, US Operations
  9. CMF Clip Pro Reportedly Spotted on IMDA, Could Debut as Clip-Style Earbuds
  10. Redmi 17 4G Price, Specifications and Renders Reportedly Surface Ahead of Launch
Download Our Apps
Available in Hindi
© Copyright Red Pixels Ventures Limited 2026. All rights reserved.