OKCupid’s Visitor API Reveals its Users’ Personal Information

OkCupid

Developer Zack Whipkey has revealed this week that visitor data has been available via OKCupid’s Visitor API.

Last year, OKCupid removed the feature of allowing its users to see who had viewed their profile.

In a blog post, however, Whipkey announced that he was still able to access OKCupid’s unofficial JavaScript and access personal and detailed information about who has viewed his profile.

He wrote: “A couple months ago, I met a woman on OKCupid who was also a developer. She boasted about being able to use the now removed Visitor feature of OKCupid through their JSON API, polling it to see who was looking at her profile throughout the day. We weren’t a match for each other, but I was intrigued by the API.”

The personal data described was never displayed publicly and contained personally identifiable information, including users’ dates of birth.

It also included location data but it was unknown as to whether the location was set manually or or using a GPS on a mobile phone.

Whipkey released the information to OKCupid on Thursday 29th March and the company immediately removed the access for the Visitor API.

This may cause a large amount of controversy following the privacy and data protection from Facebook’s Cambridge Analytica scandal recently.

Read more here.