Popular dating app leak puts millions of women at risk

OkCupid is a US-based dating app that was launched in 2004, with more than 50 million users since launch. It currently boasts around 5 million active members and 1 million weekly installs of its apps. Recently, the dating app moved to a "Tinder" style match system. As with all other popular dating apps, OkCupid promised to keep its users safe.

However, during our research into dating apps, we’ve discovered that it is possible to track OkCupid users and find their exact location. This presents a major threat for OkCupid users who might fall victim to aggressive stalking.

Summary of our results

The results were surprising, to say the least:

• It is possible to retrieve the last known location ID of any OkCupid user

• Location IDs update automatically as long as the user is online

• By mapping out an area, hackers can triangulate users’ near real time locations. This can affect any and all users of the OkCupid app

How we found out about OkCupid's data leak

In order to carry out this research, our analysts intercepted the network requests and responses between the app and the server using a MITM (Man In The Middle) Proxy.

By simply taking the different location IDs of another user, triangulating their precise last known location becomes possible. A hacker can also see the distance from them to the victim in a 10 to 20-meter radius.

Here's what the vulnerability looks like:

A danger to user privacy

With a few simple steps, we can easily track anyone on OkCupid in a given city – from home, to work, to social gatherings, to wherever. This is a terrible blow to users’ privacy.

It could have dire consequences for women, who are often the victims of romantic or sexual violence. This is exacerbated by cases of ex-boyfriends or ex-husbands, or men that these women have rejected (immediately or eventually).

• Protect your devices with these best antivirus software in 2021
• Find out how a VPN can help you stay protected online
• See our list of the best VPNs on offer

To make things worse, apart from exposing users to stalkers, exes and criminals, revealing a user’s near real-time physical location on a dating app can have serious ramifications for members of the LGBT+ community in countries with widespread human rights violations.

For these reasons and more, this is a huge failure on the OkCupid’s side to protect its users and needs to be fixed immediately.

OkCupid has since fixed the issue – after we reported it to them.

We asked women what they think about dating app safety

If there’s anything popular Netflix series ‘YOU’ has taught us, it’s that you can never be certain you really know the person you’re talking to online. With International Women’s Day (8^th March) in mind, we set out to see how detrimental dating apps in general can be to users’ safety.

We surveyed 2,321 women to investigate their dating app experiences.

Here are the results.

88% of women surveyed said that at some point they have been harassed while using a dating app. Being contacted after turning someone’s advances down seems to be a consistent theme with 74% of women saying this has happened to them. Shockingly, almost a third (32%) said that people have taken to another messaging platform to contact them. Furthermore, 67% of women have been sent unwanted sexually explicit photos, while an astounding 91% said they’ve been called an offensive name.

65% of women said the app has left them feeling worse about finding love, compared to 25% who stated that it made them feel better and 10% stating they feel indifferent. 87% of women believe that more can be done to monitor profiles and accounts being created on dating apps. To discover more about women and their dating app experiences, we spoke to Esther and Sophie. This is what they had to say:

Esther: “I decided to stop replying to a guy who I decided I wasn’t interested in and he continued to message and with every message they got more aggressive. I blocked him and he messaged me off another number calling me a b**** for ignoring him”

Sophie: “I was on a date with a guy I met on a dating app and during our date he told me he worked as a chef – and wanted to cook me, but only the bottom half. He said he would turn me into ham because I have nice legs, and the upper half he’d hang in his room because I’m beautiful."

It's clear that when it comes to dating app safety, there's still plenty of room for improvement. Protecting users' privacy – especially their whereabouts – must be a top priority not just for OkCupid, but for any platform that involves romantic interactions between users.

Protect yourself online with our hand-picked digital privacy tools