Report: Dating sites are open season for the lovelorn & hackers

Are online dating services safe and secure for casual users? It's complicated, says the Electronic Frontier Foundation. A new investigation by the non-profit group into the fine print and code behind some of the web's biggest dating sites reveals that users could have more than their hearts stolen by a stranger.

ADVERTISEMENT

Beside the usual array of privacy loopholes that could lead to your personal information winding up in the hands of marketing firms, profile hijacking and Google indexing are very real threats.

The EFF found that the lack of HTTPS support at most online dating sites, including OKCupid.com, leaves everything transmitted through the service - intimate messages, pictures and viewing history - easily accessible by a third party with the technical know-how.

A survey of eight top online dating sites revealed only Zoosk offered HTTPS by default. The service also blocks mixed content, which helps prevent HTTPS circumvention, explained the EFF. Additionally, just three of the vetted sites were clear that they delete user data following account cancellation. How the remaining five handled axed accounts was either "vague" or "not discussed."

ADVERTISEMENT

Account security was another sticking point. The EFF said mobile dating apps contain "gaping security holes" which are easily exploited and may lead to impersonation. The researchers pointed to a case last month where an Australian hacker found a vulnerability that let him log into Grindr and impersonate users. The app is a GPS-enabled meeting ground for gay men.

"Use protection" takes on a whole other meaning in cyber space. (via Threat Post)

No posts to display