Security News > 2020 > July > It's not OK, Cupid: Security flaws could expose user data and more
Research from Check Point Software have discovered a number of vulnerabilities in online dating service OK Cupid's mobile app and website that could allow attackers to not only steal personal data, but take actions on a user's behalf as well.
The OKCupid mobile app makes extensive use of deep linking, which involves sending a user directly to an internally linked page without their realizing it.
The mobile app is also vulnerable to reflected cross-site scripting attacks, allowing an attacker to inject its own code into the link that retrieves user profile settings.
Check Point concludes that its research highlights serious risks with using even the most established and popular apps in a market like online dating: Despite having been around for years, OKCupid was still overlooking essential elements of user privacy and security.
"The dire need for privacy and data security becomes far more crucial when so much private and intimate information is being stored, managed, and analyzed in an app," the report said.