Alphabet Stock Slides as AI Talent Exodus and SpaceX Losses Shake Investor Confidence 
WiseTech Global Denies Knowledge of Investigation Into Founder Richard White 
OpenAI IPO Delay Weighs on SoftBank Shares as AI Valuation Concerns Grow 
World Cup technology: from ref cams to AI analysts, cutting-edge research is changing the game 
Tencent Reviews Marvelous Stake as Gaming Giant Reassesses Global Investment Strategy 
SpaceX Eyes Starlink Mobile Phone Service to Challenge Verizon, AT&T, and T-Mobile 
How AI prompting turned writerly description into an everyday skill 
SpaceX Stock Rebounds After Sharp Selloff, But Valuation Concerns Persist 
Kioxia Targets U.S. Listing as AI Chip Boom Accelerates 
Samsung, SK Hynix to Unveil Record AI and Semiconductor Investment Plans Worth Over $646 Billion 
Today’s space race could turn fatal if we don’t agree on new rules 
SK Hynix Targets $29.4 Billion Nasdaq Listing to Expand AI Chip Business 
Doncasters Raises $919 Million in NYSE IPO as Aerospace Growth Accelerates 
Apple Supplier Stocks Slide as Samsung, SK Hynix Lead Selloff After Apple Price Hikes 
Trump’s Quantum Push Lifts IBM Stock as CEO Arvind Krishna Receives White House Praise 
Oracle Cuts 21,000 Jobs as AI Reshapes Workforce and Cloud Expansion Accelerates 
With stay-at-home recommendations still in place in many parts of the world, the demand for dating apps has likely spiked. This also means that online dating platforms became another rich field for cybercriminals, so it is quite concerning when security researchers reported significant vulnerabilities found on the OkCupid app that caters to more than 50 million users.
OkCupid security flaws discovered by researchers
Check Point Research spotted some vulnerabilities on the OkCupid app that may have “allowed attackers to” control an account to some degree. The security issues could have led to the stealing of personal information, private data, and authentication tokens.
The researchers reverse-engineered OkCupid v.40.3.1 on an Android 6.0.1 device and found that it has a deep link function allowing a hacker to inject malicious links to execute an attack. Check Point also discovered that the OkCupid main domain could have been compromised using reflected cross-site scripting (XSS), an attack that hackers utilize to access a user’s cookies by injecting malicious scripts on a vulnerable website.
They were then able to prove that the security flaws would have let hackers steal profile data that users provide upon signing up on OkCupid. The vulnerability also made it possible to steal authentication tokens, send messages on behalf of the users, and collect other sensitive data such as email addresses for exfiltration. However, Check Point confirmed a complete account takeover was not possible because the cookies still had some protection.
OkCupid says no account was compromised, vulnerabilities fixed
Like any decent security research firm, Check Point informed OkCupid of the flaws of its app and domain before publishing their study. At the time of publication, Check Point noted that OkCupid has already “responsibly deployed” a fix on the issues they identified. The online dating platform assured the researchers, “Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours.”
OkCupid users, on the other hand, should also be aware of the basic methods to protect themselves online. It is always advised to use strong passwords and to not give away too much personal information on a dating app. It is also best to always have the latest version of any app to ensure they carry the latest security updates as well.
