In-depth

Love lives laid bare: are dating sites a magnet for hackers?

With three high profile hacks within one year, are dating sites worth the risk?

Internet dating

Questions over the safety of online dating hacks may once have referred to not knowing the real identity of the person (or people) you are chatting to and personal safety, more recently attention has turned to the safety of users' data.

The Ashley Madison attack in July 2015 revealed the sensitive data of 37 million people. Not only were their names, addresses and credit card details revealed to the world, but also the fact that these individuals were breaking social taboos by actively seeking to have an affair.

Advertisement - Article continues below

There were some who felt that Ashley Madison's subscribers got what they deserved for seeking to cheat on their spouses and partners. Indeed, that seems to have been at least part of the motivation behind the hack, along with the CTO's proclamation that the company's "Full Delete" service completely erased all the data.

Earlier that year, hook-up site Adult Friend Finder was also hacked, with the personal details of nearly four million users leaked, including their IP addresses and dates of birth.

More recently, subscribers to elite dating site BeautifulPeople, which only allows people who are perceived to be highly attractive to subscribe, also had their details leaked online, including their income, address, relationship status and virtually every biometric data point imaginable, including weight, eye colour and hair colour.

Advertisement
Advertisement - Article continues below

While the site has been criticised for removing people for perceivedly being too old or not good looking enough, no one has come forward with a reason for why they hacked to site.

Advertisement - Article continues below

So what is the motivation for these hacks? And are those who use specialist sites - be they for 'elite' groups, people looking for an affair, or anything else - more at risk than those who use "vanilla" dating services?

"Dating sites contain a very high level of personal information, which can be very valuable in the wrong hands and quite embarrassing and damaging for those involved," Rob Norris, director of enterprise and cybersecurity for EMEIA at Fujitsu, told IT Pro.

This goes beyond what is normally considered personal information in other hacks, such as full names, addresses and financial details, to also include sexual preferences and, in the case of BeautifulPeople, private messages between subscribers.

It is this kind of additional information that makes these kinds of attacks so serious and introduces a unique set of repercussions.

"The Ashley Madison hack has illustrated the value of the data stored on these websites, and also the high potential for everything from blackmail to causing trouble for the sake of it," Jovi Umawing, malware intelligence analyst at Malwarebytes, said.

Advertisement - Article continues below

"As we've seen with reports of suicide related to the Ashley Madison hack, the consequences can be devastating," Umawing added.

Are dating sites, specialist or not, necessarily targeted more frequently than other sites, though? According to David Emm, principal security researcher as Kaspersky Lab, the answer is not necessarily.

While they are a data-rich target for cyber criminals, they are also a salacious one for the media to report on.

"By their nature, dating sites certainly draw a lot of media interest - whether they are launching a new feature or have suffered a cyber attack," said Emm.

Advertisement
Advertisement - Article continues below

Even within the field of dating sites, there is a hierarchy of what will generate the most coverage.

"Ashley Madison was given a lot of attention simply because of its members intentions," said Emm.

Norris agreed. "[Hacks] can and will happen to 'normal sites', but without an angle like BeautifulPeople or people having affairs, it is a less newsworthy story," he said.

Advertisement - Article continues below

Perhaps unlike other website categories, though, for dating sites the user can do little to protect themselves, with everything resting in the hands of the provider.

"Site users are at a disadvantage here, because anybody filling in dating sites with fake information is not likely to be very successful in meeting a potential match," said Malwarebytes' Umawing, whose view is backed up by Kaspersky's Emm.

"There is very little customers can do to affect the security of the online providers' infrastructure," he said.

What does that mean, then, for dating sites?

IT Pro contacted dating site Elite Singles to find out how it is protecting its users and whether online dating is safe.

"What happened in [the case of BeautifulPeople was, it appears, a preventable lack of database protection," a spokesperson told IT Pro.

"In terms of overall safety of online dating websites, the risk is similar to using many online services. Naturally, no IT system can be 100 per cent secure. However, we employ a number of methods to ensure a very high level of data security.

Advertisement - Article continues below

"For example, our servers have extremely effective firewalls and our database is protected against access from outside of our network and accessible only via encrypted keys," the spokesperson added.

But users are not completely at the mercy of dating service providers.

Returning to the old advice that people should be cautious with online dating, and citing the many false profiles revealed through the Ashley Madison hack, Emm advised: "It's ... vital not to trust people online automatically. There's no way to identify someone's true appearance or motives through the messages they're exchanging with you."

He added: "Linking your Facebook or Instagram profile with an online dating app can be problematic, especially in the hands of burglars or fraudsters. If you happen to 'match' with someone with ill intent, they're able to gain access to your social media pages, which are more likely to include addresses, pictures and more personal information."

Featured Resources

Preparing for long-term remote working after COVID-19

Learn how to safely and securely enable your remote workforce

Download now

Cloud vs on-premise storage: What’s right for you?

Key considerations driving document storage decisions for businesses

Download now

Staying ahead of the game in the world of data

Create successful marketing campaigns by understanding your customers better

Download now

Transforming productivity

Solutions that facilitate work at full speed

Download now
Advertisement
Advertisement

Recommended

Visit/security/data-breaches/355962/fitness-depot-notifies-customers-of-data-breach
data breaches

Fitness Depot notifies customers of data breach

8 Jun 2020
Visit/security/data-breaches/355056/vpnmentors-web-mapping-project-finds-more-exposed-military-files-via
data breaches

Printing company exposes 343GB of sensitive military data

20 Mar 2020
Visit/security/ddos/28039/how-to-protect-against-a-ddos-attack
Security

How to protect against a DDoS attack

25 Oct 2019

Most Popular

Visit/mobile/google-android/356373/over-2-dozen-additional-android-apps-found-stealing-user-data
Google Android

Over two dozen Android apps found stealing user data

7 Jul 2020
Visit/laptops/29190/how-to-find-ram-speed-size-and-type
Laptops

How to find RAM speed, size and type

24 Jun 2020
Visit/cloud/356260/the-road-to-recovery
Sponsored

The road to recovery

30 Jun 2020