The matchmaking app OKCupid, which has more than 5 million active users, turned out to leak users’ data without their knowledge. This scandal is thought to shake users’ trust in the platform.
According to a study by CyberNews, OKCupid, with about 5 million active members, was leaking users’ data online without their knowledge. The appearance of OKCupid, a very popular matchmaking application, with such a scandal seems to weaken the trust of the users on the platform.
Stating that it is possible to get the ‘last location ID’ of any OKCupid user, CyberNews says that from which location a user logs in can be detected and potential work or home addresses can be found. At this point, CyberNews also claims that they can detect the user location with some operations.
CyberNews says users can locate locations up to a radius of 10 to 20 meters:
Explaining how they did this, the CyberNews team was able to access location data by interrupting network requests and responses between the company’s servers and the OKCupid application using MITM Proxy operations. Accessing these server responses allowed researchers to reach the last known identity ID of a user. Thus, the status was updated every time a user logged into the OKCupid application.
CyberNews says that by doing this operation many times, they can locate the user within a radius of 10 to 20 meters. On the other hand, the company said it shared its findings with OKCupid last January, but there is no innovation yet whether the company has corrected these errors. At this point, another study by CyberNews showed that location ID tracking was removed.
It is not known how long this error, which is stated to contain the data of millions of users, has been available on the platform or exactly how OKCupid put the personal data of the user at risk. However, there is no official statement made by the company in this regard. However, it is obvious that such a large-scale scandal will harm the reliability of the application in the coming days.