News: Latest News
Latest NewsCompaniesMarketsEconomy & ForexCommoditiesInterest RatesBusiness LeadersFinance Pro.CalendarSectors

Avoiding Dating Disasters: Check Point Research Helps to Mitigate Significant Vulnerabilities in OkCupid's Website and Mobile App | Check Point Software

08/04/2020 | 04:44am EDT

Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, recently identified and helped mitigate several security flaws on OkCupid's website and mobile app. If exploited, the vulnerabilities would have allowed a hacker to access and steal the private data of OkCupid users, and send messages from their account without users' knowledge.

Launched in 2004, OkCupid is now one of the leading free online dating services globally with over 50 million registered users and used in 110 countries. In 2019, 91 million connections were made via the site annually, with an average of 50,000 dates arranged every week. During the Covid-19 pandemic, OkCupid has seen a 20% increase in conversations. However, the detailed personal information submitted by users also makes online dating services targets for threat actors, either for targeted attacks, or for selling on to other hackers.

Check Point researchers demonstrated that the vulnerabilities in OkCupid's app and website could give a hacker access to a user's full profile details, private messages, sexual orientation, personal addresses, and all submitted answers to OkCupid's profiling questions. The flaws would also have enabled the hacker to manipulate the target user's profile data and send new messages to other users from their account - enabling the hacker to impersonate the real user for further fraudulent or malicious activities.

Researchers detailed the three-step attack method which would have enabled a hacker to target users:

1 The hacker generates a malicious link containing a targeted payload that initiates the attack

2 The hacker sends the link to the intended target, or publishes it in a public forum for users to click on

3 Once the victim clicks the link to open it, the malicious code is executed, giving the hacker access to the target's account

Oded Vanunu, Head of Products Vulnerability Research at Check Point, said: "Our research into OkCupid, which is one of the most popular dating platforms, has raised some serious questions over the security of all dating apps and websites. We demonstrated that users' private details, messages and photos could be accessed and manipulated by a hacker, so every developer and user of a dating app should pause to reflect on the levels of security around the intimate details and images that they host and share on these platforms. Thankfully, OkCupid responded to our findings immediately and responsibly to mitigate these vulnerabilities on their mobile app and website."

Check Point researchers responsibly disclosed their findings to OkCupid. OkCupid acknowledged and fixed the security flaws in its servers, so users do not need to take any action. Following the disclosure and fixing of the vulnerabilities, OkCupid issued this statement: "Check Point Research informed OkCupid developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users can safely continue using the OkCupid app. Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours. We're grateful to partners like Check Point who with OkCupid, put the safety and privacy of our users first."

For details of the vulnerabilities and a video showing how they could be exploited, visit https://research.checkpoint.com

Follow Check Point Research via:

Blog: https://research.checkpoint.com/

Twitter: https://twitter.com/_cpresearch_

About Check Point Research

Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.

.

(C) 2020 M2 COMMUNICATIONS, source M2 PressWIRE

Latest news "Companies"
05:26pENCAVIS AG : Notification and public disclosure of transactions by persons
EQ
04:03pFORMULA E : Marrakesh E-Prix 2022 - Race
PU
02:33pMERCEDES BENZ : 2022 British Grand Prix - Saturday
PU
02:00pCP NEWSALERT : B.C. RCMP identify twin brothers as B.C. bank shooting suspects
AQ
01:57pTesla's 2Q sales drop amid supply chain, pandemic problems
AQ
01:13pIMAGE SCAN : 3DX-Ray Appoints Vincent Deery as CEO
PU
01:13pALEAFIA HEALTH : Audited Financial Statement
PU
12:32pUS testing new fire retardant, critics push other methods
AQ
12:29pVirgin Orbit Successfully Launches ‘Straight Up' Mission
BU
12:11pTesla Q2 deliveries fall on China's COVID-related shutdown
RE
Latest news "Companies"