Tell Me Where Your Love Lies

For all of you online daters, beware.  New research has found that several vulnerabilities are being exploited by hackers.  They are taking advantage of opportunities to view people’s matches, profiles, and personal information.  More concerning is the hacker’s access to the private conversations. Some of which could lead to extortion or embarrassment no one bargained for when purchasing their subscription.

Online dating apps are the modern 21st-century matchmakers.  Using the dating apps is rather convenient for busy young professionals who potentially have the time to socialize as often as they might desire.  Most, if not all, millennials are familiar with this way of communicating and meeting potential suitors. They use Tinder, Bumble, Hinge, OK Cupid – just a few of the popular apps.

To sign up, you can either use social logins related to Facebook or an email account. The shortcut of a social login through the app accesses known data to pull basic information such as name, age, location, job, and photos.  The app and the social login are convenience personified.

Android

Android users got the short end of the stick when it comes to vulnerabilities in dating apps.  The most dangerous exploits impact their devices. Hackers were found breaking into Android phones allowing them to become superusers.  This gave the hacker full control and access to the phone on demand. The hack gives superusers full access to all the dating apps on the device, which entails allows the viewing of messages, communications and personal demographics.  And, to make matters worse, the more experienced hackers can track your social media accounts based on a specified place of work or study.

I Know Where You Were Last Night?

Only six out of nine popular dating apps keep your location under lock and key.  The others give users the option to increase or decrease their location preference.  Hinge, for instance, will directly show you how far away the person you have matched with lives.  So, when you are moving around, the data is logged between you two. Leaked location information makes you the perfect “prey” for a potential stalker.  Researchers specifically found that several apps including Tinder, Mamba, Zoosk, Happn, WeChat, and Paktor have digital holes permitting involuntary leaking of location data.  

The “Don’t” of Dating Apps

Dating apps may be making hacking easier for would be attackers.  Dating Apps vulnerabilities are a pathway to your life you may not wish to reveal.  This is also true for businesses. Bring Your Own Device programs have been linked to the leaking of sensitive corporate data.  They employee was not attempting to do nefarious things. However, employees became the insider threat because they did not use simple cyber hygiene methods.

Kaspersky examined nine such apps and found they were susceptible to man-in-the-middle attacks and put private messages and access tokens at risk.  In addition, researchers were able to identify 60% of users’ pages on various social media, including Facebook and LinkedIn, as well as their full names and surnames using information from popular dating apps.

Using your dating app on an unprotected WiFi network is one of the quickest ways to get hacked.  You might as well go up to a random person and give them your login credentials. Anyone can take advantage of a public WiFi, hence the name public.  Private networks have a wall of protection that hackers would have to first break through in order to access your information. That is time consuming and most of them will shy away from doing so.  

Who Are You, Really?

Don’t link your social media accounts to your dating profiles!  If someone wants to know more about you, they can simply ask. This is of course after you have matched with them.  Disclosures should be your choice.  Linking social media accounts gives criminals an insider scoop to your personal life, which they can use to exploit more personal information.

And lastly, absolutely do not, under no circumstances provide your email address – either personal or work.  We use our email addresses for a plethora of things – personal conversations, receipts, confirmations, calendars etc.  If a hacker gains access to your dating account, they can also enter your e-mail and use forms of social engineering on friends and family.