TSMC Japan's Second Fab to Produce 3nm Chips by 2028 
Rubio Directs U.S. Diplomats to Use X and Military Psyops to Counter Foreign Propaganda 
California's AI Executive Order Pushes Responsible Tech Use in State Contracts 
OpenAI Pulls the Plug on Sora, Ending $1 Billion Disney Partnership 
NVIDIA's Feynman AI Chip May Face Redesign Amid TSMC Capacity Crunch 
Federal Judge Blocks Pentagon's Blacklisting of AI Company Anthropic 
Annie Altman Amends Sexual Abuse Lawsuit Against OpenAI CEO Sam Altman 
SK Hynix Eyes Up to $14 Billion U.S. IPO to Fund AI Chip Expansion 
Meta and Google just lost a landmark social media addiction case. A tech law expert explains the fallout 
Elliott Investment Management Takes Multibillion-Dollar Stake in Synopsys 
Reflection AI Eyes $25 Billion Valuation in Massive $2.5 Billion Funding Round 
Apple Turns 50: From Garage Startup to AI Crossroads 
Makemation: a Nollywood movie that shows AI in action in Africa 
Nanya Technology Shares Surge 10% After $2.5 Billion Private Placement from Sandisk and Cisco 
Microsoft Eyes $7B Texas Energy Deal to Power AI Data Centers 
NASA's Artemis II Mission: First Crewed Lunar Journey Since Apollo 
Golden Dome Missile Defense: Anduril and Palantir Join Forces on Trump's $185B Space Shield 
With stay-at-home recommendations still in place in many parts of the world, the demand for dating apps has likely spiked. This also means that online dating platforms became another rich field for cybercriminals, so it is quite concerning when security researchers reported significant vulnerabilities found on the OkCupid app that caters to more than 50 million users.
OkCupid security flaws discovered by researchers
Check Point Research spotted some vulnerabilities on the OkCupid app that may have “allowed attackers to” control an account to some degree. The security issues could have led to the stealing of personal information, private data, and authentication tokens.
The researchers reverse-engineered OkCupid v.40.3.1 on an Android 6.0.1 device and found that it has a deep link function allowing a hacker to inject malicious links to execute an attack. Check Point also discovered that the OkCupid main domain could have been compromised using reflected cross-site scripting (XSS), an attack that hackers utilize to access a user’s cookies by injecting malicious scripts on a vulnerable website.
They were then able to prove that the security flaws would have let hackers steal profile data that users provide upon signing up on OkCupid. The vulnerability also made it possible to steal authentication tokens, send messages on behalf of the users, and collect other sensitive data such as email addresses for exfiltration. However, Check Point confirmed a complete account takeover was not possible because the cookies still had some protection.
OkCupid says no account was compromised, vulnerabilities fixed
Like any decent security research firm, Check Point informed OkCupid of the flaws of its app and domain before publishing their study. At the time of publication, Check Point noted that OkCupid has already “responsibly deployed” a fix on the issues they identified. The online dating platform assured the researchers, “Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours.”
OkCupid users, on the other hand, should also be aware of the basic methods to protect themselves online. It is always advised to use strong passwords and to not give away too much personal information on a dating app. It is also best to always have the latest version of any app to ensure they carry the latest security updates as well.
