Check Point researchers discovered major security vulnerabilities in the popular OkCupid dating app.

According to researchers Alon Boxiner and Eran Vaknin, OkCupid has more than 50 million registered users, the majority aged between 25 and 34. The company claims that over 91 million connections are made through it annually. 

The vulnerabilities the researchers found could have allowed attackers to:

  • Expose users’ sensitive data stored on the app.
  • Perform actions on behalf of the victim.
  • Steal users’ profile and private data, preferences and characteristics.
  • Steal users’ authentication tokens, user IDs, and other sensitive information such as email addresses.
  • Send the data gathered to the attacker’s server.

After Check Point Research informed OkCupid developers about the vulnerabilities exposed in this research, a solution was responsibly deployed to ensure its users can safely continue using the OkCupid app, the researchers note.

OkCupid added: “Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours. We’re grateful to partners like Checkpoint who, with OkCupid, put the safety and privacy of our users first.”

Ray Kelly, principal security engineer at WhiteHat Security, a San Jose, Calif.-based provider of application security, says, “Quite often we see that mobile app developers do not realize that their apps can be vulnerable to the same exploits as typical websites. In this case, a cross-site scripting vulnerability was discovered on their corporate website and was simply exploited through the mobile app. This demonstrates the importance of not only testing the mobile app for security vulnerabilities, but also testing any backend or linked web servers with a thorough Dynamic Application Security Testing (DAST) assessment.”