Customers complain of account hacks, however OkCupid denies an information breach

It’s unhealthy sufficient that relationship websites are a pit of exaggerations and inevitable disappointment, they’re additionally a sizzling goal for hackers. Relationship websites aren’t thought of the goldmine of private data like banks or hospitals, however they’re nonetheless an intimate a part of thousands and thousands of individuals’s lives and have lengthy been within the sights of hackers. If the hackers aren’t hitting the back-end database like with the AdultFriendFinder, Ashley Madison, and Zoosk breaches, the hackers are attempting break in by way of the entrance door with leaked or guessed passwords. That’s what seems to be taking place with some OkCupid accounts. A reader contacted TechCrunch after his account was hacked. The reader, who didn't wish to be named, stated the hacker broke in and adjusted his password, locking him out of his account. Worse, they modified his e mail handle on file, stopping him from resetting his password. OkCupid didn’t ship an e mail to substantiate the handle change — it simply blindly accepted the change. “Sadly, we’re not in a position to present any particulars about accounts not related to your e mail handle,” stated OkCupid’s customer support in response to his grievance, which he forwarded to TechCrunch. Then, the hacker began harassing him unusual textual content messages from his telephone quantity that was lifted from one among his personal messages. It wasn’t an remoted case. We discovered a number of circumstances of individuals saying their OkCupid account had been hacked. One other person we spoke to finally received his account again. “It was fairly the battle,” he stated. “It was two days of fixed injury management till [OkCupid] lastly reset the password for me.” Different customers we spoke to had higher luck than others in getting their accounts again. One individual didn’t trouble, he stated. Even disabled accounts may be re-enabled if a hacker logs in, some customers discovered. However a number of customers couldn’t clarify how their passwords — distinctive to OkCupid and never used on every other app or web site — had been inexplicably obtained. “There was no safety breach at OkCupid,” stated Natalie Sawyer, a spokesperson for OkCupid. “All web sites continuously expertise account takeover makes an attempt. There was no improve in account takeovers on OkCupid.” Even on OkCupid’s personal help pages, the corporate says that account takeovers typically occur as a result of somebody has an account proprietor’s login data. “When you use the identical password on a number of completely different websites or companies, then your accounts on all of them have the potential to be taken over if one web site has a safety breach,” says the help web page. That’s describes credential stuffing, a way of working an unlimited lists of usernames and passwords in opposition to an internet site to see if a mixture lets the hacker in. The best, best manner in opposition to credential stuffing is for the person to make use of a singular password on every web site. For corporations like OkCupid, the opposite efficient blocker is by permitting customers to modify on two-factor authentication. When requested how OkCupid plans to stop account hacks sooner or later, the spokesperson stated the corporate had “no additional remark.” In actual fact, once we checked, OkCupid was simply one among many main relationship websites — like Match, PlentyOfFish, Zoosk, Badoo, JDate, and eHarmony — that didn’t use two-factor authentication in any respect. As if relationship wasn’t robust sufficient at the most effective of occasions, now it's important to defend your self from hackers, too. Cybersecurity 101: 5 easy safety guides for safeguarding your privateness