Security researchers identified a number of vulnerabilities on the Web and mobile platforms of online dating website OkCupid that could have allowed hackers to steal users' private data. The data could include full profile details, private messages, sexual orientation, personal addresses, and even all submitted answers to OkCupid's profiling questions. The team at OkCupid is said to have fixed the flaws within 48 hours of receiving their details. It has also stated that the vulnerabilities have not impacted any of its users.
Researchers at Check Point Research disclosed the vulnerabilities in OkCupid that could have allowed hackers to gain access to user data. The research was carried out on the OkCupid Android app version 40.3.1 on Android 6.0.1. Upon reverse engineering the mobile app, the researchers discovered "deep links" functionality that could give hackers backdoor access to send malicious links.
While testing the mobile app, the researchers' team also found the OkCupid main domain vulnerable to cross-site scripting (XSS) attacks. Both these loopholes could be combined to let a hacker send specially crafted links to users and steal their personal data.
The researchers said that at the time of their testing, they observed that the server responded with all the information regarding the victim's profile, including email and family status.
“Performing actions on behalf of the victim is also possible due to the exfiltration of the victim’s authentication token and the users’ ID,” the researchers noted in a blog post.
Additionally, Check Point researchers discovered a misconfigured Cross-Origin Resource Sharing (CORS) policy in an API server of OkCupid. It could allow hackers to even exfiltrate user data from the profile API endpoint and let them read a victim's private conversations.
“Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours,” OkCupid responded to Check Point on its discovery.
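The article does not say how the CORS policy was misconfigured. The following added example (not code from Check Point or OkCupid) assumes the common failure of echoing the request's Origin header while allowing credentials, and sets it beside an exact-match allowlist; all hostnames and function names are constructed placeholders.

```javascript
// Constructed placeholder origins, not OkCupid's real configuration.
const ALLOWED_ORIGINS = new Set([
  "https://www.example-dating.test",
  "https://m.example-dating.test",
]);

// Weak pattern (assumed): echo whatever Origin was sent and allow cookies.
function weakCorsHeaders(requestOrigin) {
  if (!requestOrigin) return {};
  return {
    "Access-Control-Allow-Origin": requestOrigin,
    "Access-Control-Allow-Credentials": "true",
  };
}

// Hardened pattern: exact match on a parsed origin, never "null", HTTPS only.
// Vary: Origin keeps caches from serving one origin's response to another.
function strictCorsHeaders(requestOrigin) {
  const headers = { Vary: "Origin" };
  if (typeof requestOrigin !== "string" || requestOrigin === "null") return headers;
  let parsed;
  try {
    parsed = new URL(requestOrigin);
  } catch {
    return headers; // malformed Origin header: no CORS grant
  }
  // An Origin header is scheme://host[:port] only; reject anything carrying more.
  if (parsed.origin !== requestOrigin.toLowerCase()) return headers;
  if (parsed.protocol !== "https:") return headers;
  if (!ALLOWED_ORIGINS.has(parsed.origin)) return headers;
  headers["Access-Control-Allow-Origin"] = parsed.origin;
  headers["Access-Control-Allow-Credentials"] = "true";
  return headers;
}

// Models the browser's decision: may a credentialed cross-origin script read the response?
function browserAllowsRead(requestOrigin, headers) {
  return headers["Access-Control-Allow-Origin"] === requestOrigin &&
         headers["Access-Control-Allow-Credentials"] === "true";
}

// Constructed sample origins: one allowed, one foreign, one look-alike suffix.
for (const o of ["https://www.example-dating.test", "https://other-site.test",
                 "https://www.example-dating.test.other-site.test"]) {
  console.log(o, "weak:", browserAllowsRead(o, weakCorsHeaders(o)),
              "strict:", browserAllowsRead(o, strictCorsHeaders(o)));
}
```

With the weak policy every origin can read credentialed API responses; with the strict policy only the two allowlisted origins can.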
Online dating has reached new levels due to the coronavirus outbreak, which has brought restrictions on meeting people physically. OkCupid itself has also seen as much as a 20 percent increase in conversations and a 10 percent increase in matches globally. However, there are some reports showing that people meeting online aren't that safe due to potential vulnerabilities and growing numbers of data breaches.