It’s bad enough that dating sites are a pit of exaggerations and inevitable disappointment; they’re also a hot target for hackers.
Dating sites aren’t considered the goldmine of personal information that banks or hospitals are, but they’re still an intimate part of millions of people’s lives and have long been in the sights of hackers. If the hackers aren’t hitting the back-end database, as with the AdultFriendFinder, Ashley Madison, and Zoosk breaches, they try to break in through the front door with leaked or guessed passwords.
That’s what appears to be happening with some OkCupid accounts.
A reader contacted TechCrunch after his account was hacked. The reader, who didn’t want to be named, said the hacker broke in and changed his password, locking him out of his account. Worse, they changed his email address on file, preventing him from resetting his password.
OkCupid didn’t send an email to confirm the address change — it just blindly accepted the change.
“Sadly, we’re not able to provide any details about accounts not associated with your email address,” said OkCupid’s customer service in response to his complaint, which he forwarded to TechCrunch. Then the hacker began harassing him with strange text messages, having lifted his phone number from one of his private messages.
It wasn’t an isolated case. We found several cases of people saying their OkCupid account had been hacked.
Another user we spoke to eventually got his account back. “It was quite the battle,” he said. “It was two days of constant damage control until [OkCupid] finally reset the password for me.”
Some users we spoke to had better luck than others in getting their accounts back. One person didn’t bother, he said. Even disabled accounts can be re-enabled if a hacker logs in, some users found.
But several users couldn’t explain how their passwords — unique to OkCupid and not used on any other app or site — were obtained.
“There was no security breach at OkCupid,” said Natalie Sawyer, a spokesperson for OkCupid. “All websites constantly experience account takeover attempts. There was no increase in account takeovers on OkCupid.”
Even on OkCupid’s own support pages, the company says that account takeovers often happen because someone has an account owner’s login information. “If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach,” says the support page.
That describes credential stuffing, a technique of running vast lists of usernames and passwords against a website to see if a combination lets the hacker in. The easiest, most effective defense against credential stuffing is for the user to use a unique password on each site. For companies like OkCupid, the other effective blocker is allowing users to switch on two-factor authentication.
When asked how OkCupid plans to prevent account hacks in the future, the spokesperson said the company had “no further comment.”
In fact, when we checked, OkCupid was just one of many major dating sites — like Match, PlentyOfFish, Zoosk, Badoo, JDate, and eHarmony — that didn’t use two-factor authentication at all.
As if dating wasn’t tough enough at the best of times, now you have to defend yourself from hackers, too.