Online daters could be giving away more than they expected after a popular dating site was found to be leaking user information.
OKCupid, which has around five million active members, was leaking user information online without its knowledge, according to researchers at CyberNews.
The team found that it was possible to retrieve the last location ID of any OKCupid user, allowing anyone to possible determine where a user was logging in to the site, potentially giving away their home or work address.
The CyberNews team was able to access this location data by intercepting network requests and responses between the OKCupid app and the company’s servers using MITM (Man in The Middle) Proxy processes.
Getting access to these server responses allowed the researchers to access the last known location IDs of a user. This information is updated every time a user logs in to the OKCupid app, with their online status displayed in the app itself.
By carrying out such a process multiple times, the team was able to triangulate findings to precisely determine the victim’s location to within a 10 to 20 metre radius.
CyberNews says it shared its findings with OKCupid back in January, but there’s no update as yet if the company has fixed the exact flaws it mentioned. Further research by CyberNews appeared to show that location ID tracking had been removed, but if so, it’s not known how long the flaw was online for, and how many of the millions of OKCupid users were put at risk.
As part of its research, centred around International Women’s Day this weekend, CyberNews also found that 88% of women have ‘been harassed’ whilst using a dating app, and over 7 in 10 women fear being stalked by someone they’re talking to online.