In the quest for finding more suitable matches, millions of online daters end up giving away some crucial information, jeopardizing their privacy and security. Some of these online dating apps have serious vulnerabilities which provide easy access for hackers and cyberbullies to track down the users and find their locations.
When popular US-based dating app OkCupid, which boasts of around five million active members and one million weekly installs, moved to a Tinder-style matching system it promised to keep its users safe, just as any other popular dating app. However, its users could be giving away more than they expected as the popular dating site launched in 2004 has been found to be leaking user information without their knowledge.
OkCupid leaking user location info
A team of researchers over at CyberNews during their research into dating apps discovered that it was possible to retrieve the last location ID of an OKCupid user, allowing almost anyone to determine where the user was logging into the site and find their exact location, potentially giving away their home or work address.
This loophole presents a major threat for OkCupid users who might run the risk of falling victim to incidents such as stalking and cyberbullying.
How did the researchers carry out the process?
The analysts were able to access the location data by intercepting network requests and responses between the app and the company's servers using a MITM (Man In The Middle) Proxy.
Gaining access to these server responses allowed the team to access the last known location IDs of the users, since this information is updated every time a user logs in to OkCupid app and the location status is displayed in the app itself. By taking the different location IDs of users and carrying out the process several times over, the team was able to triangulate the findings to precisely determine the last known location to within a 10 to 20-metre radius.
Women and LGBTQ community at higher risk
The researchers warn that with just a few simple steps a hacker could be able to track anyone on OkCupid in any given city – from home, to work, to social gatherings. This could have dire consequences for the users, especially for women and the LGBTQ community, who are often the victims of stalking and sexual violence.
CyberNews said that it shared its findings with OkCupid in January and the dating website has since fixed the issue, but there are no information or update as to whether the company had fixed the exact flaws that the research mentioned. Further research by CyberNews has revealed that location ID tracking has been removed, but it is not known exactly when it was removed so it becomes difficult to know how long the issue was present and how many of the five million OkCupid users were out at risk in that time until the issue was resolved.
How safe are women on online dating sites?
Meanwhile, with International Women's Day (March 8) in mind, CyberNews conducted research to see how detrimental dating apps, in general, can be to user safety.
As part of the research, CyberNews surveyed 2,321 women to investigate their dating app experiences and found that 91 percent of the women have been called an offensive name on a dating app, 88 percent of women have been harassed whilst using a dating app, and over 7 in every 10 women feat being stalked by someone they're talking to online. Furthermore, 67 percent women have been sent unwanted sexually explicit photos and videos online.