Users report data breach in OkCupid dating service

Some OkCupid users claim their information is compromised; app managers deny it

In online dating services, lies, exaggeration and disappointments abound, but according to network security and ethical hacking specialists from the International Institute of Cyber Security say they are also easy targets for hackers.

Dating apps may not store the most personal data, as is the case with banks or hospitals, but they guard details too intimate, which puts them in the sights of malicious hackers. Either by using backdoors or using brute force or leaked passwords, services like Ashley Madison or AdultFriendFinder are some of the most popular victims of this kind of incidents.

According to network security specialists, OkCupid service has become the most recent victim.

In recent days, one of the service users claimed that his account was hacked. The user, who has decided to remain anonymous, reported that the hacker entered his account and changed his password, so the user was expelled from his own account. As if it were not enough, the user mentions that the attackers changed his email address, so it was impossible to reset his password.

OkCupid took no action to corroborate the change of email, made the change without questioning anything. The user sent an email to OkCupid customer service, which responded: “We regret that we cannot provide details about an account that is not linked to your email address”. The user mentions that the attacker who hacked his account started harassing him via SMS.

This was not an isolated case, say network security specialists. Eventually, many other users began to report that their OkCupid accounts had been hacked. One of these users said, “I spent two days controlling the damage caused by the hacker until OkCupid decided to reset my password”.

Other upset users ran with better luck, as the company reestablished its passwords as soon as possible. However, some users claim that hackers can still access compromised accounts.

Users are not yet explained how the attackers accessed their passwords. OkCupid says that “this is not a data breach”. Natalie Sawyer, spokesperson for the dating service, said: “Any website is constantly facing attempts to hijack accounts, but we can say that this is not what happens in OkCupid”.

When being questioned about the measures OkCupid will implement to mitigate greater risks, the spokesperson mentioned that “the company has no more to say at the moment”.

Like dating services such as PlentyOfFish, Badoo, eHarmony, among others, OkCupid does not have a multi-factor authentication system.

In addition to dealing with the pressure of contacting strangers online, users will now have to take care of hackers as well.