Love may have been in the air for Valentine’s Day but as reports emerged of a security breach at OKCupid, one security expert is feeling less than enamoured with this application.
IT news site TechCrunch revealed that some users of the OKCupid app claimed hackers had forced an entry into their accounts, changing login details and email addresses. As a result, these users became locked out of their own profiles.
The embarrassment of flirty conversations being made public is obvious and, in the past, other hookup sites have also been targeted by hackers – eHarmony, Plenty of Fish and, of course, Ashley Madison to name but a few.
However, OKCupid are arguing that their case is different. A spokesperson told TechCrunch that their application had not suffered a security breach but instead hackers had been able to gain access by guessing weak passwords, which many users will no doubt be using across multiple sites.
In response to this information, security blogger Graham Cluley issued the following warning:
“If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach. Lists including your email address and passwords can be sold to bad actors who will try your password on lots of different sites until they find one that works.”
The importance of two-factor authentication
OKCupid also warned of the need for secure passwords and issued a list of ways in which users could protect themselves online. However, what got Graham Cluley really riled was an important function missing from that list: two-factor authentication (2FA).
Cluley bemoaned the fact that many dating sites are still not offering this protection to users, something which he described as “rather disgraceful in this day and age”.
He explained: “2FA can offer an additional layer of security if a bad guy does manage to determine your username and password. When they try to log into your account from an unrecognised device, a site’s 2FA check can request that a six-digit number is entered after the username and password. That number is typically generated by an app on your smartphone – a smartphone that your wannabe account hacker doesn’t have access to.”
“My recommendation is that you should enable two-factor authentication (or its close cousin two-step verification) on as many of your online accounts as possible to protect yourself from being hacked.”