OkCupid Snafu Raises Online Dating Privacy Alarm

OkCupid this week debuted a new mobile app that sets up blind dates by supplying likely matches for users who plug in a time and venue.

As it turned out, though, Crazy Blind Date was doing more than just sending hopeful singles to a meet-up. Shortly after its launch, The Wall Street Journal identified a security flaw that made users’ email addresses and birth dates accessible to anyone with enough tech savvy to uncover them.

The WSJ notified OkCupid, which reportedly patched the glitch within hours and told the Journal that it didn’t see evidence of anyone having taken advantage of the vulnerability.

OkCupid did not respond to our request to comment for this story.

Your Private Parts Exposed

Aside from those offered by financial services, mobile apps are known for their lax approach to security and privacy. However, it is particularly ironic that this latest security lesson is being driven home by an online dating site — a place where people should be particularly careful with their personal details.

“You have to divulge bits of who you are to get a date — that’s part of the deal — but this posed serious risk of overexposing members,” said Sarah Downey, attorney and privacy analyst for Abine.

“The fact that so much personal information could be exposed is pretty unsettling and should serve as a wake-up call to the millions of people who trust online dating sites with their most personal information,” she told TechNewsWorld.

Every free online service is rife with scams and fraudulent users whose sole purpose is to get you to disclose private information, said Tim ‘TK’ Keanini, chief research officer for nCircle.

However, cybercriminals love online dating services in particular, because people are emotionally vulnerable and therefore they are easy prey,” he told TechNewsWorld.

OkCupid attempts to educate its community with safety tips, Keanini noted, but site users have to read, understand and apply these tips for them to be effective.

“Unfortunately, the reality is that the vast majority of people have to get burned before they take online safety seriously,” he observed.

If there’s one place to take online security seriously, it’s dating sites, Keanini warned. “In these forums, more than any other online venue, privacy threats can translate directly to physical threats.”

First, Choose Wisely

People can still use online dating sites, Downey said — they just have to select them carefully.”Choosing a dating site is like choosing a date: You have to screen out the bad ones before you go with one you like.”

Prospective users should look at the privacy policy, particularly how it deals with third parties like advertisers or affiliates, she suggested. Dig into whether the site is sharing data with others, and if so, find out what it is sharing. Other questions to investigate are whether the site lets you delete your data, and if so, whether it is really gone or simply hidden from view. Find out how long the site stores user data.

It’s a good idea to consider how much information the site asks you to provide before you sign up, Downey recommended. If it feels like too much, you may want to use an alias.

In short, just as you would exercise caution with a new date, don’t overshare with a website, she said.

“People get to know and trust each other by gradually revealing more about themselves, and you should treat dating websites the same way,” cautioned Downey. “Don’t fill in every optional field just because you can. Leave some things to the imagination.”

Leave a Comment

Please sign in to post or reply to a comment. New users create a free account.

Technewsworld Channels