OkCupid is a US-based dating app that was launched in 2004, with more than 50 million users since launch. It currently boasts around 5 million active members and 1 million weekly installs of its apps. Recently, the dating app moved to a “Tinder” style match system. As with all other popular dating apps, OkCupid promised to keep its users safe.
However, during our research into dating apps, we’ve discovered that it is possible to track OkCupid users and find their exact location. This presents a major threat for OkCupid users who might fall victim to aggressive stalking.
Summary of our results
The results were surprising, to say the least:
- It is possible to retrieve the last known location ID of any OkCupid user
- Location IDs update automatically as long as the user is online
- By mapping out an area, hackers can triangulate users’ near real time locations. This can affect any and all users of the OkCupid app
How we found out about OkCupid’s data leak
In order to carry out this research, our analysts intercepted the network requests and responses between the app and the server using a MITM (Man In The Middle) Proxy.
By simply taking the different location IDs of another user, triangulating their precise last known location becomes possible. A hacker can also see the distance from them to the victim in a 10 to 20-meter radius.
Here’s what the vulnerability looks like:
A danger to user privacy
With a few simple steps, we can easily track anyone on OkCupid in a given city – from home, to work, to social gatherings, to wherever. This is a terrible blow to users’ privacy.
It could have dire consequences for women, who are often the victims of romantic or sexual violence. This is exacerbated by cases of ex-boyfriends or ex-husbands, or men that these women have rejected (immediately or eventually).
To make things worse, apart from exposing users to stalkers, exes and criminals, revealing a user’s near real-time physical location on a dating app can have serious ramifications for members of the LGBT+ community in countries with widespread human rights violations.
For these reasons and more, this is a huge failure on the OkCupid’s side to protect its users and needs to be fixed immediately.
OkCupid has since fixed the issue – after we reported it to them.
We asked women what they think about dating app safety
If there’s anything popular Netflix series ‘YOU’ has taught us, it’s that you can never be certain you really know the person you’re talking to online. With International Women’s Day (8th March) in mind, we set out to see how detrimental dating apps in general can be to users’ safety.
We surveyed 2,321 women to investigate their dating app experiences.
Here are the results.
|Survey Questions||Percentage of women that have experienced this|
|Have you ever been called an offensive name?||91%|
|Has someone continued to contact you after you expressed not being interested?||74%|
|Do you fear being stalked by someone you’re talking to online?||71%|
|Have you been sent unwanted sexually explicit photos?||67%|
|Has someone ever made you feel worried for your safety?||48%|
|Have you ever been threatened with physical harm?||38%|
|Have you ever been catfished by someone you were talking to?||19%|
88% of women surveyed said that at some point they have been harassed while using a dating app. Being contacted after turning someone’s advances down seems to be a consistent theme with 74% of women saying this has happened to them. Shockingly, almost a third (32%) said that people have taken to another messaging platform to contact them. Furthermore, 67% of women have been sent unwanted sexually explicit photos, while an astounding 91% said they’ve been called an offensive name.
65% of women said the app has left them feeling worse about finding love, compared to 25% who stated that it made them feel better and 10% stating they feel indifferent. 87% of women believe that more can be done to monitor profiles and accounts being created on dating apps. To discover more about women and their dating app experiences, we spoke to Esther and Sophie. This is what they had to say:
Esther: “I decided to stop replying to a guy who I decided I wasn’t interested in and he continued to message and with every message they got more aggressive. I blocked him and he messaged me off another number calling me a b**** for ignoring him”
Sophie: “I was on a date with a guy I met on a dating app and during our date he told me he worked as a chef – and wanted to cook me, but only the bottom half. He said he would turn me into ham because I have nice legs, and the upper half he’d hang in his room because I’m beautiful.”
It’s clear that when it comes to dating app safety, there’s still plenty of room for improvement. Protecting users’ privacy – especially their whereabouts – must be a top priority not just for OkCupid, but for any platform that involves romantic interactions between users.