Users complain of account hacks, but OkCupid denies a data breach

It’s bad enough that dating sites are a pit of exaggerations and inevitable unhappiness; they’re also a hot target for hackers.

Dating sites aren’t considered the goldmine of private data that banks or hospitals are, but they’re still an intimate part of tens of millions of people’s lives and have long been in the sights of hackers. If the hackers aren’t hitting the back-end database, as with the AdultFriendFinder, Ashley Madison and Zoosk breaches, they try to break in through the front door with leaked or guessed passwords.

That’s what seems to be happening with some OkCupid accounts.

A reader contacted TechCrunch after his account was hacked. The reader, who did not want to be named, said the hacker broke in and changed his password, locking him out of his account. Worse, they changed his email address on file, preventing him from resetting his password.

OkCupid didn’t send an email to confirm the address change — it just blindly accepted the change.

“Unfortunately, we’re not able to provide any information about accounts not linked to your email address,” said OkCupid’s customer support in response to his complaint, which he forwarded to TechCrunch. Then, the hacker began harassing him with odd text messages from his phone number that was lifted from one of his private messages.

It wasn’t an isolated case. We found several cases of people saying their OkCupid account had been hacked.

Another person we spoke to eventually got his account back. “It was quite the war,” he said. “It was days of regular damage control until [OkCupid] finally reset the password for me.”

Other users we spoke to had better luck in getting their accounts back. One person didn’t bother, he said. Even disabled accounts can be re-enabled if a hacker logs in, some users found.

But several users couldn’t explain how their passwords — unique to OkCupid and not used on any other app or site — were inexplicably obtained.

“There has been no security breach at OkCupid,” said Natalie Sawyer, a spokesperson for OkCupid. “All websites constantly experience account takeover attempts. There has been no increase in account takeovers on OkCupid.”

Even on OkCupid’s own help pages, the company says that account takeovers often happen because someone has an account owner’s login information. “If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach,” says the help page.

That describes credential stuffing, a technique of running vast lists of usernames and passwords against a website to see if a combination lets the hacker in. The simplest, most effective defense against credential stuffing is for the user to use a unique password on each site. For companies like OkCupid, the other effective blocker is allowing users to turn on two-factor authentication.
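A defender's view of the pattern described above, as an added example that is not from the original article or from OkCupid: it flags source IPs whose login attempts look like credential stuffing, then lists accounts where a successful login from such a source is followed by a password change and an email change. The event format, thresholds and sample log lines are constructed assumptions.

```python
from collections import defaultdict

# Constructed sample auth events: (timestamp, source IP, account, action, outcome).
# IPs are from documentation ranges; none of this is real OkCupid data.
EVENTS = [
    (100, "203.0.113.7", "alice", "login", "fail"),
    (101, "203.0.113.7", "bob", "login", "fail"),
    (102, "203.0.113.7", "carol", "login", "fail"),
    (103, "203.0.113.7", "dave", "login", "ok"),
    (104, "203.0.113.7", "erin", "login", "fail"),
    (110, "203.0.113.7", "dave", "password_change", "ok"),
    (115, "203.0.113.7", "dave", "email_change", "ok"),
    (120, "198.51.100.4", "frank", "login", "fail"),
    (125, "198.51.100.4", "frank", "login", "ok"),
    (130, "198.51.100.4", "frank", "password_change", "ok"),
]

def stuffing_sources(events, min_accounts=4, min_fail_ratio=0.6):
    """Return IPs that try many distinct accounts and mostly fail."""
    accounts, fails, total = defaultdict(set), defaultdict(int), defaultdict(int)
    for _, ip, user, action, outcome in events:
        if action != "login":
            continue
        accounts[ip].add(user)
        total[ip] += 1
        fails[ip] += outcome == "fail"
    return {ip for ip in total
            if len(accounts[ip]) >= min_accounts
            and fails[ip] / total[ip] >= min_fail_ratio}

def takeover_candidates(events, window=900):
    """Accounts where a successful login from a stuffing source is followed,
    within `window` seconds and from the same IP, by password and email changes."""
    bad_ips = stuffing_sources(events)
    login_at, changed = {}, defaultdict(set)
    for ts, ip, user, action, outcome in sorted(events):
        if ip not in bad_ips or outcome != "ok":
            continue
        if action == "login":
            login_at[(ip, user)] = ts
        elif (ip, user) in login_at and ts - login_at[(ip, user)] <= window:
            changed[user].add(action)
    return sorted(u for u, acts in changed.items()
                  if {"password_change", "email_change"} <= acts)

if __name__ == "__main__":
    print("stuffing sources:", stuffing_sources(EVENTS))
    print("accounts to lock and review:", takeover_candidates(EVENTS))
```

A single user who mistypes a password once and then changes it (the constructed `frank` events) is not flagged, because that source never touches more than one account.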

When asked how OkCupid plans to prevent account hacks in the future, the spokesperson said the company had “no further comment.”

In fact, when we checked, OkCupid was just one of many major dating sites — like Match, PlentyOfFish, Zoosk, Badoo, JDate, and eHarmony — that didn’t use two-factor authentication at all.

As if dating wasn’t hard enough at the best of times, now you have to defend yourself from hackers, too.
