Emails from OKCupid can allow anyone access to your account, according to VentureBeat.
If someone else gets hold of an email that OKCupid sent to you, for example a promotional offer, clicking the link in it gives them access to your profile.
VentureBeat reported the same security flaw in August, and it still seems to be a problem.
OKCupid often sends users emails such as “check out your matches”, with a link back to the account to view those matches.
The link sent in these emails is part of a feature called “login instantly”, which doesn’t require authentication because you are accessing the message through another login – your email.
This link gives whoever clicks it full access to the account, letting them send messages, change profile and payment information, or even delete the account.
VentureBeat have asked OKCupid why this feature is still in place – one assumes it is so there is one less barrier and password to remember before entering the site – but it is surely a security issue they can’t ignore.
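One way a "login instantly" style email link can keep its convenience without granting full account access, as an added example that is not OKCupid's code and not from the VentureBeat report. The function names, the scope and action names, the 15-minute lifetime and the in-memory nonce store are all assumptions made for the illustration.

```python
import hashlib
import hmac
import secrets
import time

SERVER_KEY = secrets.token_bytes(32)   # assumed per-deployment signing key
LINK_TTL = 15 * 60                     # assumed lifetime of an emailed link, in seconds
# Assumed names for the actions the article lists as reachable through the link.
SENSITIVE = {"send_message", "change_profile", "change_payment", "delete_account"}
_used_nonces = set()                   # stand-in for a server-side single-use store


def _sign(payload: str) -> bytes:
    return hmac.new(SERVER_KEY, payload.encode(), hashlib.sha256).hexdigest().encode()


def issue_email_link_token(user_id: str, scope: str, now: float) -> str:
    """Token placed in the emailed link: one user, one scope, one use, short-lived.
    user_id and scope must not contain '|' (field separator in this sketch)."""
    payload = f"{user_id}|{scope}|{int(now) + LINK_TTL}|{secrets.token_hex(8)}"
    return f"{payload}|{_sign(payload).decode()}"


def redeem_email_link_token(token: str, now: float):
    """Return a limited session, or None if the token is forged, expired or replayed."""
    payload, _, sig = token.rpartition("|")
    if not hmac.compare_digest(sig.encode(), _sign(payload)):
        return None
    user_id, scope, expires, nonce = payload.split("|")
    if now > int(expires) or nonce in _used_nonces:
        return None
    _used_nonces.add(nonce)
    # The link proves access to the mailbox only, so the session is not password-verified.
    return {"user": user_id, "scopes": {scope}, "password_verified": False}


def authorize(session, action: str) -> bool:
    """Sensitive actions require a password login; link sessions keep only their scope."""
    if session is None:
        return False
    if action in SENSITIVE:
        return session["password_verified"]
    return action in session["scopes"]


if __name__ == "__main__":
    link_session = redeem_email_link_token(
        issue_email_link_token("alice", "view_matches", time.time()), time.time())
    print(authorize(link_session, "view_matches"), authorize(link_session, "delete_account"))
```

With this design a forwarded or leaked email exposes at most the matches view for a short window, and only if the link has not already been used.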