The security team at Check Point has warned people of the risk of using dating apps where a lot of cases have been reported leading to ransom, especially in the last two years. Dating apps have become an important source of actionable data for cyber criminals as users on these apps share much more private information and more photos than they do on other platforms.
One of the most popular dating apps, OkCupid, has about 50 million registered users in more than 100 countries. It is part of Match Group, an online dating world that has other platforms under it as well, such as Tinder, Plenty Of Fish, and Match. Check Point wanted to test how easy it would be for hackers to hijack accounts on OkCupid and found out that the task would be actually very convenient for attackers. According to Check Point, the access to everything within an account on OkCupid was easily available, including personal details and identity, messages, and photos.
Check Point identified a vulnerability in OkCupid's link scheme which could be spoofed by malicious links disguised as ones belonging to the app itself. The links provided a route to exfiltrate data, hence allowing to trigger actions within the platform. A user that would click the link would 'credentialize' themselves, hence providing the hacker complete access to their account.
Check Point explained that the process is as simple as using a fake ID to find matches, start chatting and sending a link in the chat. From there, it is quite easy to obtain the victim's account and start ransoming them.
Check Point shared the results with OkCupid, hence encouraging it to fix the potential issue. OkCupid was able to fix it within 48 hours and managed to keep users away from the potential harm.
However, according to Check Point, there still lies, unfortunately, a lot of risk across the industry that is yet to be discovered and more awareness needs to be created among users. There is a lot of private information at stake when it comes to dating apps. The fact that these apps are being used exceptionally by people makes them an attractive target place for hackers.
Dating apps are actually far from safe and should reflect on what more can be done to improve security. Users of these apps need to be equally careful too.