Security breach compromises data of more than 5 million OkCupid users

An investigation reveals that an information leak in the application of OkCupid dating may have compromised the personal data of millions of users. The flaw found in the platform code allowed any malicious hacker to access the real-time location of the more than 5 million active members. OkCupid has already been notified and has already solved the problem.

To find the security hole, the CyberNews website analysts put themselves in the role of a hacker and intercepted the requests and responses from the existing network between the application and the server through a Proxy Man In The Middle (MITM).

Security flaw found in OkCupid application code credits: CyberNews

The experts found that it was possible to access the locations and, since the data is updated automatically as long as the user is active, hackers could easily identify where the victim was.

The way in which dating applications handle user data has been targeted by regulators, especially in Europe. Facebook Dating, for example, was one of the most recent to face scrutiny from the Irish Data Protection Commission (PDD), which ended up destroying the company's plans to launch the application in European territory.

Also in February of this year, DCP opened two formal investigations, Google and Tinder. At issue was how they deal with European users' private information, and the regulator suspected that they were violating the General Data Protection Regulation.

The Irish regulatory authority's decision came after a report by the Norwegian Consumer Council, in partnership with cybersecurity company Mnemonic, revealed that there are 10 applications, including Tinder, that violate the privacy of its users and do not comply with GDPR standards.

The report stated that the applications provided user data to 135 companies in the area of ​​advertising or behavioral profile analysis, including IP address, GPS location up to their gender and age. The information collected could be used to track consumers and personalize the advertisements that appear on the platforms, for example, foreseeing their religious beliefs or sexual orientations.