25 Feb 2019
Valentine’s Day week was not a good week for dating sites. Three online dating sites, OkCupid, Coffee Meets Bagel, and Jack’d, all suffered an array of security incidents.
TechCrunch reported on Sunday that OkCupid has been dealing with a rise in account takeovers. Hackers are then changing the account email address and password, making it nearly impossible for the real users to regain control of their profiles while the hackers are busy using the stolen identities for scams. OkCupid is adamant that the hostile takeovers are the result of a third-party hack, where the client reused passwords that were stolen elsewhere. Regardless, OkCupid has stated that they are always exploring ways to increase their security.
Coffee Meets Bagel suffered an actual security breach of personal information. It detected the unauthorized access to users’ names and email addresses prior to May 2018. The company is engaged in a thorough review of the incident and working with law enforcement. Though minor compared to other possible protected information, user names and emails are still risky as they can be utilized by hackers for further mayhem and schemes.
Jack’d, in contrast to Coffee Meets Bagel’s minor breach, had a significant privacy issue. The site claims to have over five million users, and ALL of the photos of those users were open to the internet, even the ones marked private. A misconfigured Amazon Web Services data repository is to blame, leaving an unencrypted connection to the image storage cloud wide open to the world. Other user information was also exposed. The company fixed the bug on February 7, nearly a year after being alerted to the situation. Mark Girolamo, CEO of Jack’d, has stated that the issue is now fully resolved.
“Dating sites are designed by default to share a ton of information about you; however, there’s a limit to what should be shared,” says David Kennedy, CEO of the threat tracking firm Binary Defense Systems, to Wired.com. “And oftentimes these dating sites provide little to no security, as we have seen with breaches going back several years from these sites.” Kennedy also said that we can expect to continue to see issues with social media and dating site security in the future.