With stay-at-home recommendations still in place in many parts of the world, the demand for dating apps has likely spiked. This also means that online dating platforms have become another rich field for cybercriminals, so it is concerning that security researchers reported significant vulnerabilities in the OkCupid app, which caters to more than 50 million users.
OkCupid security flaws discovered by researchers
Check Point Research spotted some vulnerabilities in the OkCupid app that may have “allowed attackers to” control an account to some degree. The security issues could have led to the theft of personal information, private data, and authentication tokens.
The researchers reverse-engineered OkCupid v.40.3.1 on an Android 6.0.1 device and found that it has a deep link function allowing a hacker to inject malicious links to execute an attack. Check Point also discovered that the OkCupid main domain could have been compromised using reflected cross-site scripting (XSS), an attack in which a malicious script injected into a vulnerable website runs in the victim's browser and can be used to access the user's cookies.
They were then able to prove that the security flaws would have let hackers steal the profile data that users provide when signing up on OkCupid. The vulnerabilities also made it possible to steal authentication tokens, send messages on behalf of users, and collect other sensitive data such as email addresses for exfiltration. However, Check Point confirmed that a complete account takeover was not possible because the cookies still had some protection.
OkCupid says no account was compromised, vulnerabilities fixed
Like any decent security research firm, Check Point informed OkCupid of the flaws in its app and domain before publishing its study. At the time of publication, Check Point noted that OkCupid had already “responsibly deployed” a fix for the issues it identified. The online dating platform assured the researchers, “Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours.”
OkCupid users, for their part, should also be aware of the basic methods to protect themselves online. It is always advised to use strong passwords and not to give away too much personal information on a dating app. It is also best to always run the latest version of any app so that it carries the latest security updates.





