OkCupid this week debuted a new mobile app that sets up blind dates by supplying likely matches for users who plug in a time and venue.
As it turned out, though, Crazy Blind Date was doing more than just sending hopeful singles to a meet-up. Shortly after its launch, The Wall Street Journal identified a security flaw that made users’ email addresses and birth dates accessible to anyone with enough tech savvy to uncover them.
The WSJ notified OkCupid, which reportedly patched the glitch within hours and told the Journal that it didn’t see evidence of anyone having taken advantage of the vulnerability.
OkCupid did not respond to our request to comment for this story.
Your Private Parts Exposed
Aside from those offered by financial services, mobile apps are known for their lax approach to security and privacy. However, it is particularly ironic that this latest security lesson is being driven home by an online dating site — a place where people should be particularly careful with their personal details.
“You have to divulge bits of who you are to get a date — that’s part of the deal — but this posed serious risk of overexposing members,” said Sarah Downey, attorney and privacy analyst for Abine.
“The fact that so much personal information could be exposed is pretty unsettling and should serve as a wake-up call to the millions of people who trust online dating sites with their most personal information,” she told TechNewsWorld.
Every free online service is rife with scams and fraudulent users whose sole purpose is to get you to disclose private information, said Tim ‘TK’ Keanini, chief research officer for nCircle.
However, cybercriminals love online dating services in particular, because people are emotionally vulnerable and therefore they are easy prey,” he told TechNewsWorld.
OkCupid attempts to educate its community with safety tips, Keanini noted, but site users have to read, understand and apply these tips for them to be effective.
“Unfortunately, the reality is that the vast majority of people have to get burned before they take online safety seriously,” he observed.
If there’s one place to take online security seriously, it’s dating sites, Keanini warned. “In these forums, more than any other online venue, privacy threats can translate directly to physical threats.”
First, Choose Wisely
People can still use online dating sites, Downey said — they just have to select them carefully.”Choosing a dating site is like choosing a date: You have to screen out the bad ones before you go with one you like.”
It’s a good idea to consider how much information the site asks you to provide before you sign up, Downey recommended. If it feels like too much, you may want to use an alias.
In short, just as you would exercise caution with a new date, don’t overshare with a website, she said.
“People get to know and trust each other by gradually revealing more about themselves, and you should treat dating websites the same way,” cautioned Downey. “Don’t fill in every optional field just because you can. Leave some things to the imagination.”