Tech Vigil: a unique technology blog

Users complain of account hacks, but OkCupid denies a data breach

It’s bad enough that dating sites are a pit of exaggerations and inevitable disappointment; they’re also a hot target for hackers.

Dating sites aren’t considered a goldmine of personal data like banks or hospitals, but they’re still an intimate part of millions of people’s lives and have long been in the sights of hackers. If the hackers aren’t hitting the back-end database, as in the AdultFriendFinder, Ashley Madison and Zoosk breaches, they try to break in through the front door with leaked or guessed passwords.

That’s what seems to be happening with some OkCupid accounts.

A reader contacted TechCrunch after his account was hacked. The reader, who did not want to be named, said the hacker broke in and changed his password, locking him out of his account. Worse, they changed his email address on file, preventing him from resetting his password.

OkCupid didn’t send an email to verify the address change — it just blindly accepted the change.

“Unfortunately, we’re not able to provide any information about accounts not linked to your e-mail address,” said OkCupid’s customer service in response to his complaint, which he forwarded to TechCrunch. Then, the hacker started harassing him with unusual text messages from his phone number that was lifted from one of his private messages.

It wasn’t an isolated case. We found numerous cases of people saying their OkCupid account had been hacked.

Another user we spoke to eventually got his account back. “It was quite the battle,” he said. “It was two days of constant damage control until [OkCupid] finally reset the password for me.”

Other users we spoke to had better luck in getting their accounts back. One person didn’t bother, he said. Even disabled accounts can be re-enabled if a hacker logs in, some users found.

But several users couldn’t explain how their passwords — unique to OkCupid and not used on any other app or site — were inexplicably obtained.

“There has been no security breach at OkCupid,” said Natalie Sawyer, a spokesperson for OkCupid. “All websites constantly experience account takeover attempts. There has been no increase in account takeovers on OkCupid.”

Even on OkCupid’s own help pages, the company says that account takeovers often happen because someone has an account owner’s login information. “If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach,” says the support page.

That describes credential stuffing, a technique of running vast lists of usernames and passwords against a website to see if a combination lets the hacker in. The simplest, most effective defense against credential stuffing is for the user to use a unique password on every site. For companies like OkCupid, the other effective blocker is allowing users to switch on two-factor authentication.

When asked how OkCupid plans to prevent account hacks in the future, the spokesperson said the company had “no further comment.”

In fact, when we checked, OkCupid was just one of many major dating sites — like Match, PlentyOfFish, Zoosk, Badoo, JDate, and eHarmony — that didn’t use two-factor authentication at all.

As if dating wasn’t hard enough at the best of times, now you have to guard yourself against hackers, too.