Looking for love online? Beware: You might get hacked.
More cyber criminals are turning to online dating websites to take advantage of individuals searching for that special someone—and with good reason. One in 10 Americans have used an online dating site or application, according to Pew Research.
“We’ve seen a dramatic increase in the attacks on online dating sites and data breaches in general over the last three years,” said Alisdair Faulkner, chief products officer for ThreatMetrix, a cybersecurity firm that helps authenticate website users.
Another cyber security firm, called Include Security, revealed on its blog this week that hackers had been able to potentially access the location of Tinder users (prior to recent updates). The Tinder app allows people to find singles who live close to them. The dating app has been gaining buzz for its purported widespread use by athletes at the Olympic games in Sochi.
Tinder and cyber security officials had been working on shoring up the potential vulnerability for months, but the issue only became public this week with the blog post.
According to Include Security, hackers could have taken advantage of Tinder users’ available information, and then employed an outside strategy called triangulation to ultimately find users’ exact locations. Triangulation incorporates three distance locations to find the target geographically.
Officials at Include Security told CNBC they alerted Tinder to the location vulnerability and that the issue had been fixed in December.
In a statement emailed to CNBC this week, Tinder’s co-founder and CEO Sean Rad said after learning about the vulnerability, “Tinder implemented specific measures to enhance location security and further obscure location data,” adding, “Our users’ privacy and security continue to be our highest priority.”
ThreatMetrix’s Faulkner said while location-based social networks and dating sites are all the rage, they pose risks.
“What people don’t appreciate is how that location information could be potentially used against them. Things like cyber stalking is a real issue for many parts of society. Other sorts of things that people may not think about is what kind of location information they are sharing that can be used perhaps to burglarize their house, when they’re away.”
This isn’t the first time online dating companies have been vulnerable. In January 2013, hackers took personal information for as many as 42 million people from Cupid Media, an Australian-based company that runs dating sites. Cupid Media said in a statement that after the incident, they undertook “a comprehensive review of our data storage and security practices and made appropriate changes if required.”
3 ways cyber thieves target online daters
There are three major ways cyber criminals target online daters, said Faulkner of ThreatMetrix.
First, online daters can be duped by hackers, who create false profiles ultimately to start communication and ask you for money.
“They want to try to dupe you out of your money. That’s either by trying to trick you to pay for airline tickets or it could even be plain old extortion by turning that flirtatious indiscretion into a lifetime of regret,” Faulkner said.
Another potential trap? Many online daters do not guard their personal information. While online dating sites need to take steps to secure databases, users also must be cautious. For example, users should use different, complex password for different websites.
In 2012, another dating site, eHarmony, was breached when it allowed customers to use the unsecure password, “password,” according to a statement. Company officials added, “eHarmony has since eliminated that as a possibility and it continues to be a safe and secure environment for individuals looking to find the love of their life.”
Finally, online daters need to be careful with potential matches. Hackers try to infiltrate internal dating site messaging services to send malicious links. Hackers essentially try to breach dating sites to leverage trusted connections to send links laden with malware, Faulkner said.
Purveyors of online dating sites can also play an important role in keeping the dating pool clean by keeping an eye out for suspicious profiles. “If you have a profile that says … they’ve gone to an Ivy League school, but their grammar is really off, that’s a telltale sign. The other thing [consumers] can do is educate themselves, how well does this site protect my data?” Faulkner said.
Image credit: CC by Diogo Vieira