Cybersecurity and Dating Applications

The prominence of the internet has permeated most industries. One notable example is dating applications. These provide the opportunity for people to meet based on personal choices. There are many choices for this with consenting adults. One of these, OKCupid, had the opportunity to practice implementing their incident response plan with expertise! Of the population of industries to attack, what makes the dating applications an attractive target is the data they hold. This may include the names, email addresses, possibly payment information, and other pertinent data. This may be sold on the dark web, but also possibly used for credential stuffing.

Attack

This was a successful attack. A portion of OKCupid’s user accounts appears to have been compromised. The users did state their accounts had been accessed by an unauthorized party and the password had been changed along with the email address for the account. Effectively, this locked the users out of their own accounts. This does appear to be a credential stuffing attack. OKCupid has stated there had been no hacking of the user accounts. This may actually be the case, as the accounts taken over were sporadic, and without a trend. This may have been simply due to user negligence.

Could have, would have, and should have

To decrease the opportunity for this to happen to other organizations, there are a few things the business could do. These are relatively simple, yet effective. One is to have the system set up so that when there is a change in the account, the user receives an email prior to this taking effect. This would serve to notify the user, in case of an attack, of what is occurring with their account. The organization could also use MFA (multi-factor authentication) to assist with this. Generally, there is a cost with this, however, this is used by many businesses and works well.

Resources

Cyware. (2019, February 12). Dating site OKCupid potentially hit by a credential stuffing attack. Retrieved from https://cyware.com/news/dating-stie-okcupid-potentially-hit-by-a-credential-stuffing-attack-6aa9e21f

Dark Reading Staff. (2019, February 11). OKCupid denies data breach amid account hack complaints. Retrieved from https://www.darkreading.com/endpoint/okcupid-denies-data-breach-amid-account-hack-complaints/d/d-id/1333842

Information Security Buzz. (2019, February 12). OKCupid hit by hackers. Retrieved from https://www.itsecuritynews.info/okcupid-hit-by-hackers/

PYMNTS. (2019, February 11). OKCupid user accounts are hacked. Retrieved from https://www.pymnts.com/news/security-and-risk/2019/okcupit-user-accounts-hacked/

Security Experts. (2019, February). OKCupid hit by hackers. Retrieved from http://www.hackbusters.com/news/stories/4348667-okcupid-hit-by-hackers

Security Experts. (2019, February 12). OKCupid hit by hackers. Retrieved from https://www.informationsecuritybuzz.com/expert-comments/okcupid-hit-by-hackers/#disqus_thre

About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries

.The prominence of the internet has permeated most industries. One notable example is dating applications. These provide the opportunity for people to meet based on personal choices. There are many choices for this with consenting adults. One of these, OKCupid, had the opportunity to practice implementing their incident response plan with expertise! Of the population of industries to attack, what makes the dating applications an attractive target is the data they hold. This may include the names, email addresses, possibly payment information, and other pertinent data. This may be sold on the dark web, but also possibly used for credential stuffing. AttackThis was a successful attack. A portion of OKCupid’s user accounts appears to have been compromised. The users did state their accounts had been accessed by an unauthorized party and the password had been changed along with the email address for the account. Effectively, this locked the users out of their own accounts. This does appear to be a credential stuffing attack. OKCupid has stated there had been no hacking of the user accounts. This may actually be the case, as the accounts taken over were sporadic, and without a trend. This may have been simply due to user negligence. Could have, would have, and should haveTo decrease the opportunity for this to happen to other organizations, there are a few things the business could do. These are relatively simple, yet effective. One is to have the system set up so that when there is a change in the account, the user receives an email prior to this taking effect. This would serve to notify the user, in case of an attack, of what is occurring with their account. The organization could also use MFA (multi-factor authentication) to assist with this. Generally, there is a cost with this, however, this is used by many businesses and works well. ResourcesCyware. (2019, February 12). Dating site OKCupid potentially hit by a credential stuffing attack. Retrieved from https://cyware.com/news/dating-stie-okcupid-potentially-hit-by-a-credential-stuffing-attack-6aa9e21fDark Reading Staff. (2019, February 11). OKCupid denies data breach amid account hack complaints. Retrieved from https://www.darkreading.com/endpoint/okcupid-denies-data-breach-amid-account-hack-complaints/d/d-id/1333842Information Security Buzz. (2019, February 12). OKCupid hit by hackers. Retrieved from https://www.itsecuritynews.info/okcupid-hit-by-hackers/PYMNTS. (2019, February 11). OKCupid user accounts are hacked. Retrieved from https://www.pymnts.com/news/security-and-risk/2019/okcupit-user-accounts-hacked/Security Experts. (2019, February). OKCupid hit by hackers. Retrieved from http://www.hackbusters.com/news/stories/4348667-okcupid-hit-by-hackersSecurity Experts. (2019, February 12). OKCupid hit by hackers. Retrieved from https://www.informationsecuritybuzz.com/expert-comments/okcupid-hit-by-hackers/#disqus_thre About the Author - Charles Parker, II has been working in the info sec field for over a decade, performing pen tests, vulnerability assessments, consulting with small- to medium-sized businesses to mitigate and remediate their issues, and preparing IT and info sec policies and procedures. Mr. Parker’s background includes work in the banking, medical, automotive, and staffing industries.

Check back soon

Once posts are published, you’ll see them here.

Cybersecurity and Medical Devices

Cybersecurity and Linux SSH Servers

Cybersecurity and the Auto Industry

Cybersecurity and the Energy Sector

Cybersecurity and Costs

Cybersecurity and Electronic Health Records

Cybersecurity and IoMT

Cybersecurity and Obscurity

Cybersecurity and New Devices and Old Problems

Cybersecurity and the Diversity of Data

No tags yet.

Cybersecurity and Dating Applications

Featured Posts

Recent Posts

Archive

Search By Tags

Follow Us