IT Pro is supported by its audience. When you purchase through links on our site, we may earn an affiliate commission. Learn more
In-depth

Love lives laid bare: are dating sites a magnet for hackers?

With three high profile hacks within one year, are dating sites worth the risk?

Internet dating

Questions over the safety of online dating hacks may once have referred to not knowing the real identity of the person (or people) you are chatting to and personal safety, more recently attention has turned to the safety of users' data.

The Ashley Madison attack in July 2015 revealed the sensitive data of 37 million people. Not only were their names, addresses and credit card details revealed to the world, but also the fact that these individuals were breaking social taboos by actively seeking to have an affair.

There were some who felt that Ashley Madison's subscribers got what they deserved for seeking to cheat on their spouses and partners. Indeed, that seems to have been at least part of the motivation behind the hack, along with the CTO's proclamation that the company's "Full Delete" service completely erased all the data.

Earlier that year, hook-up site Adult Friend Finder was also hacked, with the personal details of nearly four million users leaked, including their IP addresses and dates of birth.

More recently, subscribers to elite dating site BeautifulPeople, which only allows people who are perceived to be highly attractive to subscribe, also had their details leaked online, including their income, address, relationship status and virtually every biometric data point imaginable, including weight, eye colour and hair colour.

While the site has been criticised for removing people for perceivedly being too old or not good looking enough, no one has come forward with a reason for why they hacked to site.

So what is the motivation for these hacks? And are those who use specialist sites - be they for 'elite' groups, people looking for an affair, or anything else - more at risk than those who use "vanilla" dating services?

"Dating sites contain a very high level of personal information, which can be very valuable in the wrong hands and quite embarrassing and damaging for those involved," Rob Norris, director of enterprise and cybersecurity for EMEIA at Fujitsu, told IT Pro.

This goes beyond what is normally considered personal information in other hacks, such as full names, addresses and financial details, to also include sexual preferences and, in the case of BeautifulPeople, private messages between subscribers.

It is this kind of additional information that makes these kinds of attacks so serious and introduces a unique set of repercussions.

"The Ashley Madison hack has illustrated the value of the data stored on these websites, and also the high potential for everything from blackmail to causing trouble for the sake of it," Jovi Umawing, malware intelligence analyst at Malwarebytes, said.

"As we've seen with reports of suicide related to the Ashley Madison hack, the consequences can be devastating," Umawing added.

Are dating sites, specialist or not, necessarily targeted more frequently than other sites, though? According to David Emm, principal security researcher as Kaspersky Lab, the answer is not necessarily.

While they are a data-rich target for cyber criminals, they are also a salacious one for the media to report on.

"By their nature, dating sites certainly draw a lot of media interest - whether they are launching a new feature or have suffered a cyber attack," said Emm.

Even within the field of dating sites, there is a hierarchy of what will generate the most coverage.

"Ashley Madison was given a lot of attention simply because of its members intentions," said Emm.

Norris agreed. "[Hacks] can and will happen to 'normal sites', but without an angle like BeautifulPeople or people having affairs, it is a less newsworthy story," he said.

Perhaps unlike other website categories, though, for dating sites the user can do little to protect themselves, with everything resting in the hands of the provider.

"Site users are at a disadvantage here, because anybody filling in dating sites with fake information is not likely to be very successful in meeting a potential match," said Malwarebytes' Umawing, whose view is backed up by Kaspersky's Emm.

"There is very little customers can do to affect the security of the online providers' infrastructure," he said.

What does that mean, then, for dating sites?

IT Pro contacted dating site Elite Singles to find out how it is protecting its users and whether online dating is safe.

"What happened in [the case of BeautifulPeople was, it appears, a preventable lack of database protection," a spokesperson told IT Pro.

"In terms of overall safety of online dating websites, the risk is similar to using many online services. Naturally, no IT system can be 100 per cent secure. However, we employ a number of methods to ensure a very high level of data security.

"For example, our servers have extremely effective firewalls and our database is protected against access from outside of our network and accessible only via encrypted keys," the spokesperson added.

But users are not completely at the mercy of dating service providers.

Returning to the old advice that people should be cautious with online dating, and citing the many false profiles revealed through the Ashley Madison hack, Emm advised: "It's ... vital not to trust people online automatically. There's no way to identify someone's true appearance or motives through the messages they're exchanging with you."

He added: "Linking your Facebook or Instagram profile with an online dating app can be problematic, especially in the hands of burglars or fraudsters. If you happen to 'match' with someone with ill intent, they're able to gain access to your social media pages, which are more likely to include addresses, pictures and more personal information."

Featured Resources

Activation playbook: Deliver data that powers impactful, game-changing campaigns

Bringing together data and technology to drive better business outcomes

Free Download

In unpredictable times, a data strategy is key

Data processes are crucial to guide decisions and drive business growth

Free Download

Achieving resiliency with Everything-as-a-Service (XAAS)

Transforming the enterprise IT landscape

Free Download

What is contextual analytics?

Creating more customer value in HR software applications

Free Download

Recommended

Ten ways to protect your company from the next big data breach
data breaches

Ten ways to protect your company from the next big data breach

18 Feb 2022
Gumtree site code made personal data of users and sellers publicly accessible
data protection

Gumtree site code made personal data of users and sellers publicly accessible

16 Dec 2021
Pizza chain exposed 100,000 employees' Social Security numbers
data breaches

Pizza chain exposed 100,000 employees' Social Security numbers

19 Nov 2021
83% of critical infrastructure companies have experienced breaches in the last three years
cyber security

83% of critical infrastructure companies have experienced breaches in the last three years

11 Nov 2021

Most Popular

Open source packages with millions of installs hacked to harvest AWS credentials
hacking

Open source packages with millions of installs hacked to harvest AWS credentials

24 May 2022
Nvidia pauses hiring to help cope with inflation
Careers & training

Nvidia pauses hiring to help cope with inflation

23 May 2022
Europe's first autonomous petrol station opens in Lisbon
automation

Europe's first autonomous petrol station opens in Lisbon

23 May 2022