Love Really is Blind: Cyber Criminals Are Attracted to the Vulnerability of Dating Apps and Sites

Just about all of us have been there. By some estimates, it’s more likely than not that any given American had some data stolen last year.

Compromised data is an increasingly common part of our lives. Sometimes it’s a school that’s breached. Other times it’s an email provider. Occasionally it’s a financial services company.

But dang it, when cyber criminals target love, they’ve gone too far, and it’s become clear that even Valentine’s Day is no longer safe from bad guys looking to steal your personal information. Everywhere one looked last week, there seemed to be reminders that the search for love is being exploited.

To wit, some 6 million users of the popular dating app Coffee Meets Bagel had something other than flowers or candy waiting for them when they awoke on Valentine’s morning. Rather, they had an email informing them that an “unauthorized party” had gained access to the app’s back-end systems and made off with their names and email addresses.

In other words, while all of those lonely souls were putting themselves out there in the hope of meeting that someone special, cyber criminals were lurking, waiting to take advantage of all that vulnerability. It’s almost enough to make one choose isolation.

San Francisco-based Coffee Meets Bagel said that it doesn’t store any financial information or passwords, that it had engaged forensic experts to conduct an investigation, and that it was performing an audit of vendor and external systems.

But some of Coffee Meets Bagel’s users may have already been on edge from another incident that was revealed earlier in the week when OkCupid said that vulnerabilities in its dating app resulted in users finding themselves viewing spoofed pages and in-app messages. Some users were tricked into providing access to their accounts and could have been subjected to identity theft or credit card scams.

The sad thing is that the practice of taking advantage of those seeking love has become a common strategy for hackers and scammers. In fact, a recent alert from the FTC asserts that romance scams resulted in users being bilked out of $143 million in 2018, making it the most common scam reported to the FTC.

Victims lost an average of $2,600 to these scams, in which the bad guys use dating apps, social media, or dating web sites to coerce users to send them money.

It’s disconcerting, to say the least, that companies in the romance business aren’t doing a better job of protecting customers who are making themselves so vulnerable. But a recent primer Security Boulevard published specifically on protecting oneself from dating app breaches proclaims that “online dating is an info security nightmare.”

The piece goes on to document how dating apps—especially Grindr and Tinder—have been breached repeatedly over the years.

“You are incentivized to create some feeling of intimacy, but with a person who is a literal unknown,” the post reads. “It requires a delicate dance of revealing information about yourself to beguile and accepting information from others with good faith. Our guard is down in these apps. Scammers know this.” 

In a way, this trend is doing us a favor by offering us this pearl of wisdom: The more vulnerable an app or service asks you to be, and the more personal the data it asks for, the more carefully we should conduct ourselves. 

In attempting to help users achieve this vigilance, Security Boulevard recommends that users review their account security, be on alert for social engineering efforts, and also take physical security precautions. So, things like stronger passwords and being suspicious of anyone who sends you links is a good place to start. Users should also think carefully before revealing any accurate personal data when establishing their profiles, as such data can often be used to link users to their social media accounts. 

The piece also recommends setting up secondary email addresses and cell phone numbers to use for online dating. Additional steps, such as turning off location-sharing features, making use of tools like reverse image search to learn more about suspicious profiles, or, once engaged with another user, sharing vague information rather than specifics, can help keep you safe. 

And, of course, once you set up a meeting with another user, always pick a neutral location in a public setting. 

There’s also the old-fashioned approach of meeting people in person through your network of friends, but we all know this is folly. No one under the age of 40 meets that way anymore, and this will certainly not be the last time you ready about online dating breaches. 

Which leads us to the same advice people who are dating have received for decades: Be careful out there!

*** This is a Security Bloggers Network syndicated blog from RSAConference Blogs RSS Feed authored by Tony Kontzer. Read the original post at: