OkCupid has about 50 million registered users, most of whom are between the ages of 25 and 34.
The makers of the app, which is now 16 years old, claim that more than 91 million connections are made through it each year and 50,000 dates set up each week.
In 2012, it became the first major dating web site to create a mobile app.
- Expose users’ sensitive data stored on the app;
- Perform actions on behalf of the victim;
- Steal users’ profile and private data, preferences and characteristics;
- Steal users’ authentication token, users’ IDs, and other sensitive information such as email addresses; and
- Send the data gathered to a server nominated by an attacker.
Boxiner and Vaknin said they had practised responsible disclosure, informing OKCupid about the vulnerabilities and waiting for patches to be released, before publishing information about the flaws.
OkCupid said: “Not a single user was impacted by the potential vulnerability on OkCupid, and we were able to fix it within 48 hours.
"We’re grateful to partners like Check Point who put the safety and privacy of our users first.”