Imagine for a second that as a normal human being. You install a dating app and subscribe to its service, to get on the hunt for a loving partner (or plain adventure).
Find out that the service provider has been hacked.
And now your sensitive information is out there, on the public eye.
How would you feel? What if I tell you that this happens?
That it just happened not long ago with famous dating and meeting platforms?
7+ Dating Apps & Services Promote Safe Sex (But Not Safe Usage)
Before mentioning which companies are responsible for significant data leaks…
Let’s talk a little bit about how this happens in the first place.
It seems to be a typical “thing” that Dating apps and services don’t follow cybersecurity’s best practices. And they have proven to cause significant psychological and financial damage to its now distrustful users.
With all of the leaked information, criminals could extort and bully their victims.
What type of personal information do these platforms share (that get leaked to the hacker’s will)?
Private messages, Partner preferences, Banking credentials, among others.
Take into account that most well-known companies fit into this record list. It’s now the matter of tracks that are genuinely safe for usage.
Want proof of this?
Major Database Leak of Dating Services
vpnMentor discovered that three S3 Amazon Web Services (AWS) were leaking user’s private information from dating websites: Photos, usernames, voice and audio recordings, private chats, and financial data.
“Where it happened?” – You may ask.
The list includes GHunt, 3somes, Xpal, SugarD & CougarD, among many others.
This event had the potential scale enough, as the AshleyMadison disaster.
Remember the Ashley Madison Breach? In 2015, this partner-seeking website was hacked, dropping information for about 32 million users, that were posted for sale on the dark web.
The sextortion and blackmail campaigns continued to terrorize its victim for five consecutive years. Nobody wants their dirty secrets exposed to friends and family.
Emails sent asked for a ransom. That in consequence, they would reveal all the information. But this was long ago. So, it couldn’t happen again, right?
Well…
OkCupid is the Most Recent Victim
Security issues let hackers spy on users over the OkCupid platform.
The flaws that made it possible were related to the Web and Android applications.
A different vulnerability was found on the setting’s functionality, with an open hole to inject malicious JavaScript code.
This XSS attack was executed through a manipulated server that not only was stealing authentication tokens but profile data, as well as user preferences.
The flaws were identified with the release of the 40.3.1 Android app version (April 29, 2020).
Since then, the owner company has stated that “the potential vulnerability impacted not a single user.” Is this true? Hard to know.
What we know by now is that they weren’t the only App maker that suffered targeted attacks recently.
Dating Apps Share Your Current Location
Many mobile dating apps shared a particular vulnerability related to the “Location” feature.
You see, it turns out that hackers are capable of watching over a user’s live-location (exposed to harassment and persecution) by exploiting spoofing requests to the app’s servers.
Expert researches demonstrated how they could track Grindr’s users (most popular gay dating app). They showed how far away those using the service were at the moment.
How does it work? The app gets data from different sources to get a highly-precise distance measurement. So, the researchers just had to send requests to the app’s servers, and get estimates of the target’s distance.
It’s 100% possible to calculate someone’s exact location by its triangulation.
The jumped to fix this loophole in some countries, but it’s currently open in others. They have confirmed that they do not have plans to change it.
According to the team, it’s because “the location finding system is a core function and not a security flaw.”
Summary
Hey, I know what you’re thinking.
You aren’t an active user of any dating app or meeting service…
Or you probably are (don’t worry, I don’t judge!)
Either way, the purpose of today’s article is to be aware that there aren’t limits to cybercriminals. They’re as dirty as dangerous.
Being said, there’s a slight chance that you are curious about the many threats that await to hunt you down (with your family and business).
Is there something we can do for you? You can ask or request anything that comes to mind!