As the stigma around online dating begins to fade, an increasing number of young (and older) Americans are wading out into the sometimes turbulent waters of sites and apps like OKCupid, Match.com, and Tinder. In fact, 15 percent of our nation’s inhabitants now say they’ve used some sort of digital matchmaking tool, which means that a lot of these sites and apps have a lot of people’s personal information. Sure, signing up for Tinder isn’t quite like applying for a credit card, but it should still be noted that many of these online dating services collect quite a bit of data on their users. And according to recent research from security provider Seworks and security tech company UpGuard, dating apps are ripe for the picking when it comes to the next big hack.
This Valentine’s Day, Pew Research estimated that some 38 percent of U.S. singles had a profile on a dating site or app. But according to Min-Pyo Hong of Seworks, these services are all extremely vulnerable to attack. Last month, Hong and his team reviewed five “top dating apps,” and found that “all were vulnerable to hacking, containing exploits that would enable breaches similar to the infamous attack on Snapchat … or … the leaking of users’ data from an HIV-positive dating app.” And while Hong did not disclose which apps his team analyzed in his guest post for VentureBeat, he noted that “the two very most popular we analyzed have been downloaded between 10 million and 100 million times from Google Play alone.”
Key to Seworks’ findings was the fact that all five of the apps were 100 percent decompilable, which Hong explains as “a process that enables hackers to reverse engineer and compromise an app.” Worse yet, “none of the dating apps [they] analyzed had protections to prevent or delay unauthorized decompiling,” and one of the apps “was not using secure communications, making it easy for hackers to intercept data being exchanged between the app and the server.” And perhaps most alarming was the fact that the source code of these apps was not obfuscated, but in plain text. Some of this text included “hard-coded key values, website addresses, and other critical information that could allow hackers access to sensitive data.”
But it’s not just apps that are problematic. When UpGuard used its Website Risk Grader on some of “the world’s top dating sites,” they were met with some disappointing and rather alarming results. Websites can earn a maximum score of 950 based on “publicly accessible security factors, such as whether SSL is enabled, whether cookies are secure, how easily someone could falsify communication as the company and a number of other factors.” The lower the score, the higher the potential for security breaches.
EHarmony, one of the most famous (and perhaps oldest) of the dating sites, scored just 504, and PlentyOfFish, whose mobile application allows for use anytime, scored just 361. Even better-known sites like Match.com could stand for some improvement — it scored a 741, with UpGuard noting that the site lacks “HSTS, secure cookies, and DNSSEC.”
So if you’re looking for love online, have at it — but be careful where you’re fishing.