Contributed by: ElyseRomano Tuesday, February 26 2019 @ 03:00 pm
Is OkCupid the latest dating platform to fall victim to hackers? That depends on who you ask.
A news story from TechCrunch[*1] reports that an OkCupid user reached out to the tech news site after a hacker broke into his OkCupid account, reset his password and changed the email address on file. OkCupid instantly accepted the address change, he said, without sending an email asking for confirmation that the change was correct. When he contacted OkCupid’s customer service about the issue, he was told the company was “not able to provide any details about accounts not connected to your email address.”
The user is now locked out of his account with no way to reset his password and regain access. Making matters worse, the hacker began harassing him with “strange text messages” from his phone number that was taken from one of his private messages.
TechCrunch reached out to other OkCupid users who said their accounts had been hacked. Some had no luck restoring access to their accounts. One said he eventually did get his back, but it was “two days of constant damage control until [OkCupid] finally reset the password for me.” Another admitted he didn’t bother to try at all.
What’s unclear is how these accounts were breached in the first place. OkCupid’s support pages caution users against using login information they use on other apps or sites. “If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach,” says a support page[*2] . Yet several people whose accounts were compromised said their passwords were unique to OkCupid and not used anywhere else. So how did they fall into the hands of hackers?
“There has been no security breach at OkCupid,” said Natalie Sawyer, a spokesperson for OkCupid. “All websites constantly experience account takeover attempts. There has been no increase in account takeovers on OkCupid.” When TechCrunch asked how OkCupid plans to prevent account hacks in the future, Sawyer said the company had “no further comment.”
Nick Hayes, former Forrester analyst and current vice president of strategy at IntSights, told the cybersecurity news site SC Media[*3] that OkCupid’s protest in the face of multiple user reports of hacking “clearly shows the company doesn’t appropriately account for customer-facing risks in its threat modeling.” “Even if OkCupid is okay at protecting itself,” he continued, “it needs to take more ownership for how it monitors and mitigates external digital risks for its customers, and the company at large.”
Dating websites are popular targets for cybercriminals, as they are treasure troves of personal data that can be exploited. Many companies recognize this vulnerability and safeguard users against account takeover attempts with advanced security tools like two-factor authentication. OkCupid has yet to implement two-factor authentication, or to take steps to rectify these recent account thefts, reminding singles once again to be diligent about protecting their personal information online.
To find out more about this dating service you can read our OkCupid review.