The kind (and amount) of information divulged—about the users themselves, the places they work, visit or live—is not only useful to people looking for a date, but also to attackers who leverage this information to gain a foothold into your organization. To bear out the risks, we delved into various online dating networks, which initially included Tinder, Plenty of Fish, Jdate, OKCupid, Grindr, Coffee meets Bagel, and LoveStruck. The first stage of our research seeks to answer these main questions:
Location is very potent, especially when you consider the use of Android emulators that let you set your GPS to any place on the planet. Location can be placed right on the target company’s address, setting the radius for matching profiles as small as possible.
Conversely, we were able to find a given profile’s corresponding identity outside the online dating network through classic Open Source Intelligence (OSINT) profiling. Again, this is unsurprising. Many were just too eager to share more sensitive information than necessary (a goldmine for attackers).
In fact, there’s even previous research that triangulated people’s exact positions in real time based on their phone’s dating apps. With the ability to locate a target and link them back to a real identity, all the attacker needs to do is to exploit them. We gauged this by sending messages between our test accounts with links to known bad sites. They arrived just fine and weren’t flagged as malicious. With a little bit of social engineering, it’s easy enough to dupe the user into clicking on a link.
It can be as vanilla as a classic phishing page for the dating app itself or the network the attacker is sending them to. And when combined with password reuse, an attacker can gain an initial foothold into a person’s life. They could also use an exploit kit, but since most use dating apps on mobile devices, this is somewhat more difficult. Once the target is compromised, the attacker can attempt to hijack more machines with the endgame of accessing the victim’s professional life and their company’s network. We further explored by setting up “honeyprofiles”, or honeypots in the form of fake accounts.
We narrowed the scope of our research down to Tinder, Plenty of Fish, OKCupid, and Jdate, which we selected because of the amount of personal information shown, the kind of interaction that transpires, and the lack of initial fees. We then created profiles in various industries across different regions. That meant we also had to like profiles of potentially real people. This led to some interesting scenarios: sitting at home at night with our families while casually liking every single new profile in range (yes, we have very understanding partners).
We also employed a few house rules for our research—play hard to get, but be open-minded: The goal was to familiarize ourselves with the quirks of each online dating network. We also set up profiles that, while looking as genuine as possible, would not overly appeal to normal users but entice attackers based on the profile’s profession. That let us establish a baseline for several locations and see if there were any active attacks in those areas. The honeyprofiles were created with specific areas of potential interest:
medical admins near hospitals, military personnel near bases, etc. Maybe because we didn’t like the right accounts. Perhaps no campaigns were active on the online dating networks and areas we chose during our research. This isn’t to say though that this couldn’t happen or isn’t happening—we know that it’s technically (and definitely) possible. But what’s surprising is the amount of company information that can be gathered from an online dating network profile.
Tinder, for instance, retrieves the user’s information from Facebook and shows this in the Tinder profile without the user’s knowledge. This data, which could’ve been private on Facebook, can be displayed to other users, malicious or otherwise.