Everything That You Need to know about OkCupid Data Breach

Dating apps are great and help us in finding a potential partner and indeed it’s an incredible experience. However, we don’t always find a good match, but online scammers do.
Every year, top dating apps like OkCupid, Tinder, and Coffee Meets Bagel go against privacy policies, and leak users profile and chat data to the third-parties and advertisers.
Do you know that using an insecure dating app will comprise your most personal information?
When you create a profile on an unsecured dating app, all your provided information may leak. It includes your most intimate pictures, your name, address, location, and email, and account password.
It means that there are fewer chances that you’ll find a great match, but more chances of losing your private data.
The aim of my blog is to aware readers about online scams that happen while using cheap dating apps.
Also, it is vital to comprehend that when you’re online nothing is secure. You never know that the sites and apps which you’re using are 100% secure. Therefore, I would suggest you make use of online security tools.
Always try to put your security at first. No matter, if a site or an app claims to be totally secure, still just don’t trust and keep your online security weapons with you.
You should almost always connect to a VPN, update antivirus software, and use strong password protections. Besides that keep in mind that don’t unnecessarily click on the links or pages.
Most of the irrelevant ads links and pages contain malware that steals your information and sometimes throw viruses in your device.
All sites and applications claim to be 100% secure, but only a few follow online security measures.
In my today’s blog, I will explain to you the security flaws of one of the most popular dating apps named OkCupid.

What is OkCupid?

OkCupid is one of the biggest dating apps and social networking sites where people from around the world chat, and interact by creating their profile. It is a USA-based app that operates internationally.

How OkCupid took Digital Profiles on Stake?

We all love to put our stress aside and use a dating app to have some romance or a friendly-chat session. Unluckily, now we need to take another stress and that’s how to secure our online safety.
Some users notified that their OkCupid account has been hacked, but OkCupid was not in the mood to take those complaints seriously.
In fact, according to some sources, OkCupid was not even using the two-factor authentication for its users’ security.
According to an unnamed OKCupid user, his account was hacked by a hacker. The hacker accessed his account and changed his password and completely blocked his access to the account.
That’s not the only thing, the hacker also immediately changed the user’s email address on file which made it impossible for the user to claim password reset request.
The user didn’t find any confirmation email from OkCupid regarding email address change. The dating app just approved the email change without any user confirmation.
OkCupid user also notified his complaint to the customer support but in return, he received a response saying that “the team cannot provide any detail of an account that is not linked with your email”.

The hacker also started harassing the user by weird text messages on his phone number which he found from one of his personal messages. Some users successfully got back their account access since OkCupid accepted their request for resetting passwords.

OkCupid and the Check Point Research

After a massive slew of users hacked accounts, OkCupid acknowledged their servers’ security flaws and patch them.
The researchers at Check Point carried out detailed research to discover the application’s security flaws. According to the Check Point research, OkCupid android app and webpage both were vulnerable and got attacked.
However, according to the OkCupid, all the flaws were settled within 48 hours of detection and now, users’ privacy is safely maintained on their servers.
The main problem according to the Check Point research was with the OkCupid domain since it was vulnerable to the XXS (Cross-scripting attack).
When the researchers performed reverse-engineering on the OkCupid software, they found that the app is vulnerable and any hacker can deliver malicious links to the open mobile app.
It was also discovered that there were several coding issues that enable hackers to misuse the app’s user settings and made unnecessary changes for data exfiltration via JavaScript code.
It helped hackers to take over a user’s sensitive account details including email addresses, messages, pictures, and other profile details.
In this way, the hacker was able to access user ID and authorization token to change profile details or even send messages from the user’s account.
In short, the hacker could impersonate as the victim user and may perform all the actions which an OKCupid user was supposed to do. The hacker could potentially send messages or contact other users as well.

Dating Apps and Data Sharing

OkCupid was not the only dating app that was attacked and being hacked by hackers. Many dating platforms have experienced the same data breach. Mainly, the few were MobiFriends, Coffee Meets Bagel, Grindr and Tinder were also included in the list.
All of the mentioned services are operating with wrong privacy policies in which they take users ‘consent of sharing personal information to the third-parties for business or advertisement purposes.
It was also revealed by the ProPrivacy that Tinder and Match, both dating apps were gathering users’ chat and financial data and shared with advertisers and business partners for money-making in June 2019.
Usually, dating apps are free to form their privacy policies in which they take users’ consent for sharing the provided information. Unfortunately, we as a user never read, and just agree to the terms and conditions and that’s where the data breach begins.

How to keep your privacy from dating apps

If you want to use a dating app then first make your mind to only subscribe to an authentic and paid service. Paid services mostly take care of their users’ privacy because they earn through users.
Moreover, I will also suggest you install or update the antivirus program to keep yourself safe from malware or Trojans. Besides that, you should also search for the best VPN for France, the UK, the USA, or any country in which you’re living. A VPN will encrypt your internet connection and no hacker or ISP can see your online activities hence, no hacking attempts can take place.
In addition to the online security, you must be vigilant while creating your dating profile. I will suggest you to always add your nickname instead of a real name. Never send your phone number, email address, home address, or any other personal information in messages or while signing up.
Don’t turn on your location and if it’s necessary then try to enable it sparingly. Avoid sharing your qualification or professional information on dating or other online mediums because such information could prove to be personally identifiable information, and hackers may identify you through that. However, adding in a fake name and fake or limited information will save you from a data breach.


The usage of dating apps has been increased much more than ever before. People are openly sharing their private information online which is a major cause of the emerging data braches. Deploying cybersecurity tools like a VPN and antivirus software will be a great step to keep up your online security. It is also crucial to avoid adding private information on social accounts. All the mentioned steps are indispensable to keep you secure from online scams and the data breach that may occur when your account gets hacked.

Leave a Reply

Rate this article