Ars Technic article A dating website’s ability to protect your personal information is crucial to keeping people happy and making it more likely that a prospective partner will be interested in you, a security researcher says.
In a recent blog post, cybersecurity researcher and researcher at Trend Micro, Brian Krebs, revealed how the dating site OkCupid is able to use a bot to generate fake email addresses, along with other data that’s passed along to other dating sites.
The site’s email system allows the bot to send messages to potential users and send spam, and then the user’s email address can be used by OkC, Krebs said.
That information can then be sent to other sites.
While the bots can be blocked from sending spam, it’s still possible to send emails to a real user, which would then trigger the bot’s attention and potentially take down the site.
Krebs says the site’s data could be shared with others who may have used it for nefarious purposes.
OkC is the only dating site Krebs found to have botting capability, but he believes other dating services have similar capabilities.
He noted that a user can also delete their account and use a new one from another site, or a different person, or from a different phone number, and they can also disable the bot on their own account.
Krebbs also points out that if someone accidentally sends someone a fake email address, they can delete the email address from their OkC account.
Okc has since patched the issue.
Trend Micro did not respond to Ars’ request for comment.
A dating site’s ability “to generate fake emails is a significant problem,” said Krebs.
“It’s something that we can’t see a solution for.”
OkC isn’t the only one with botting capabilities.
The website Match.com has a similar feature, and the company is also a member of the “botting community.”
But Match and other dating websites have had a long history of getting hacked.
While bots can take down a dating site, they’re also possible to use to send fake emails to potential matches, and those messages can then trigger a bot’s action.
The dating sites also have a history of letting users know that a potential match’s email is being sent to someone else, which can potentially be a sign that the email was sent from a bot.
Kreps said that the botting issue is an issue dating sites face on a regular basis, and that he believes that the dating sites have to take the issue seriously.
“When you have a bot that’s doing something malicious that you don’t expect, it creates a lot of potential for botting,” Krebs told Ars.
“The problem is, there are a lot more of those than people realize.
We’ve seen a lot.”
Krebs also said that OkC’s botting problem is just one of the many security issues dating sites are facing.
“People are often surprised when they see that Okcupid has botting, because it’s not really a bot,” he said.
“OkC is just the tip of the iceberg.
There are hundreds of dating sites out there.”
Dating sites also get hacked all the time, he said, adding that they have a number of different types of attacks that could be used to gain access to a dating website.
Some dating sites may even be infected with malware that lets hackers gain control of the server.
“They’re not just trying to get your email address; they’re trying to gain control over the whole server, and you could potentially get that information,” Kreps explained.
“You have to be careful.”
Krebts said that dating sites that have problems getting hacked should not give up on their privacy.
“If you can’t trust your partner, you should not date that person,” he wrote.
“There are other, better ways to meet people.”
A dating company that’s currently under investigation by the FBI Krebs’ blog post has prompted some dating site users to call for more security measures in the dating industry.
“We know OkC has a problem, and it is an important one.
If you want your dating site to be secure, you need to make sure that OkCs bot is being shut down,” said Ryan Tamburini, a co-founder of OkC and founder of Match.
“I think the dating companies are going to have to start taking the security threat seriously,” Tamburelli added.
“Thats why I believe OkC needs to be shut down immediately.”
Okc’s bot issues could affect other dating service providers as well, according to a blog post by cybersecurity researcher at cybersecurity firm Symantec.
He said that, with a botting vulnerability, some dating sites could become vulnerable to phishing attacks, which use automated malware to steal your email account credentials and other personal information.
Krets says that it’s also possible that a dating service provider could be hacked if they’re not careful