Avoiding Dating Disasters: Check Point Research Helps to Mitigate Significant Vulnerabilities in OkCupid’s Website and Mobile App
Check Point Research identified serious security vulnerabilities on OkCupid that could allow hackers to access private user data. These flaws could enable unauthorized users to manipulate profiles and send messages impersonating real users. OkCupid, which has over 50 million users, quickly addressed these issues after being notified by Check Point, ensuring no users were impacted. The vulnerabilities were fixed within 48 hours, emphasizing the importance of security in online dating platforms.
- Quick response from OkCupid to fix vulnerabilities within 48 hours.
- No users were impacted by the identified vulnerabilities.
- Serious security flaws identified that could have exposed sensitive user data.
SAN CARLOS, Calif., July 29, 2020 (GLOBE NEWSWIRE) -- Check Point Research, the Threat Intelligence arm of Check Point® Software Technologies Ltd. (NASDAQ: CHKP), a leading provider of cyber security solutions globally, recently identified and helped mitigate several security flaws on OkCupid’s website and mobile app. If exploited, the vulnerabilities would have allowed a hacker to access and steal the private data of OkCupid users, and send messages from their account without users’ knowledge.
Launched in 2004, OkCupid is now one of the leading free online dating services globally with over 50 million registered users and used in 110 countries. In 2019, 91 million connections were made via the site annually, with an average of 50,000 dates arranged every week. During the Covid-19 pandemic, OkCupid has seen a
Check Point researchers demonstrated that the vulnerabilities in OkCupid’s app and website could give a hacker access to a user’s full profile details, private messages, sexual orientation, personal addresses, and all submitted answers to OkCupid’s profiling questions. The flaws would also have enabled the hacker to manipulate the target user’s profile data and send new messages to other users from their account – enabling the hacker to impersonate the real user for further fraudulent or malicious activities.
Researchers detailed the three-step attack method which would have enabled a hacker to target users:
- The hacker generates a malicious link containing a targeted payload that initiates the attack
- The hacker sends the link to the intended target, or publishes it in a public forum for users to click on
- Once the victim clicks the link to open it, the malicious code is executed, giving the hacker access to the target’s account
Oded Vanunu, Head of Products Vulnerability Research at Check Point, said: “Our research into OkCupid, which is one of the most popular dating platforms, has raised some serious questions over the security of all dating apps and websites. We demonstrated that users’ private details, messages and photos could be accessed and manipulated by a hacker, so every developer and user of a dating app should pause to reflect on the levels of security around the intimate details and images that they host and share on these platforms. Thankfully, OkCupid responded to our findings immediately and responsibly to mitigate these vulnerabilities on their mobile app and website.”
Check Point researchers responsibly disclosed their findings to OkCupid. OkCupid acknowledged and fixed the security flaws in its servers, so users do not need to take any action. Following the disclosure and fixing of the vulnerabilities, OkCupid issued this statement: “Check Point Research informed OkCupid developers about the vulnerabilities exposed in this research and a solution was responsibly deployed to ensure its users can safely continue using the OkCupid app. Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours. We're grateful to partners like Check Point who with OkCupid, put the safety and privacy of our users first.”
For details of the vulnerabilities and a video showing how they could be exploited, visit https://research.checkpoint.com.
Follow Check Point Research via:
Blog: https://research.checkpoint.com/
Twitter: https://twitter.com/_cpresearch
About Check Point Research
Check Point Research provides leading cyber threat intelligence to Check Point Software customers and the greater intelligence community. The research team collects and analyzes global cyber-attack data stored on ThreatCloud to keep hackers at bay, while ensuring all Check Point products are updated with the latest protections. The research team consists of over 100 analysts and researchers cooperating with other security vendors, law enforcement and various CERTs.
About Check Point Software Technologies Ltd.
Check Point Software Technologies Ltd. (www.checkpoint.com) is a leading provider of cyber security solutions to governments and corporate enterprises globally. Check Point’s solutions protect customers from 5th generation cyber-attacks with an industry leading catch rate of malware, ransomware and advanced targeted threats. Check Point offers a multilevel security architecture, “Infinity Total Protection with Gen V advanced threat prevention”, this combined product architecture defends an enterprises’ cloud, network and mobile devices. Check Point provides the most comprehensive and intuitive one point of control security management system. Check Point protects over 100,000 organizations of all sizes.
| MEDIA CONTACT: | INVESTOR CONTACT: |
| Emilie Beneitez Lefebvre | Kip E. Meintzer |
| Check Point Software Technologies | Check Point Software Technologies |
| press@checkpoint.com | ir@us.checkpoint.com |
FAQ
What vulnerabilities were found by Check Point on OkCupid?
How did OkCupid respond to the security issues identified by Check Point?
What is the potential impact of the vulnerabilities on OkCupid users?
What measures did Check Point take to disclose the vulnerabilities?
How does Check Point Research contribute to cybersecurity?
