OkCupid Security Flaw Discovered and Fixed Before Any Users Harmed

Dominic Whitlock 29th July 202031st July 2020

OkCupid has avoided a potentially major data leak after working with researchers to uncover and fix flaws in its security systems.

Check Point Research identified issues on OkCupid’s app and website, and demonstrated how hackers could exploit them to access users’ profiles, private information, identifying details and answers to profile questions.

It may have also been possible for fraudsters to impersonate the victims and send private messages to other users.

Head of Products Vulnerability Research at Check Point said in a statement: “We demonstrated that users’ private details, messages and photos could be accessed and manipulated by a hacker, so every developer and user of a dating app should pause to reflect on the levels of security around the intimate details and images that they host and share on these platforms.

“Thankfully, OkCupid responded to our findings immediately and responsibly to mitigate these vulnerabilities on their mobile app and website.”

Once Check Point shared its findings with OkCupid the issue was able to be resolved within 48 hours and there was no evidence of any users being impacted.

In March, separate researchers found a location tracker was available on OkCupid that could have shown where users lived with an accuracy of 10-20 metres. However, this issue was also resolved without any major issues.