GO
Loading...

How cyberthieves are targeting online daters

Saturday, 22 Feb 2014 | 1:00 PM ET
Looking for love online? Cupid may be a hacker...
Friday, 21 Feb 2014 | 3:00 PM ET
Hackers are turning to online dating to cash in on the search for that special someone. CNBC's Eamon Javers reports.

Looking for love online? Beware: You might get hacked.

More cyber criminals are turning to online dating websites to take advantage of individuals searching for that special someone. And with good reason. One in 10 Americans have used an online dating site or application, according to Pew Research.

"We've seen a dramatic increase in the attacks on online dating sites and data breaches in general over the last three years," said Alisdair Faulkner, chief products officer for ThreatMetrix, a cybersecurity firm that helps authenticate website users.

Another cyber security firm, called Include Security, revealed on its blog this week that hackers had been able to potentially access the location of Tinder users—prior to more recent fixes. The Tinder app allows people to find singles who live close to them. The dating app has been gaining buzz for its purported widespread use by athletes at the Olympic games in Sochi.

(See more: Tinder popular at the Olympics)

Tinder and cyber security officials had been working on shoring up the potential vulnerability for months, but the issue only became public this week with the blog post.

According to Include Security, hackers could have taken advantage of Tinder users available information, and then employ an outside strategy called triangulation to ultimately find users' exact locations. Triangulation incorporates three distance locations to find the target geographically.

Officials at Include Security told CNBC they alerted Tinder to the location vulnerability and that the issue had been fixed in December.

In a statement emailed to CNBC this week, Tinder's co-founder and CEO Sean Rad said after learning about the vulnerability, "Tinder implemented specific measures to enhance location security and further obscure location data," adding, "Our users' privacy and security continue to be our highest priority."

ThreatMetrix's Faulkner said while location-based social networks and dating sites are all the rage, they pose risks.

"What people don't appreciate is how that location information could be potentially used against them. Things like cyber stalking is a real issue for many parts of society. Other sorts of things that people may not think about is what kind of location information they are sharing that can be used perhaps to burglarize their house, when they're away."

This isn't the first time online dating companies have been vulnerable. In January 2013, hackers took personal information for as many as 42 million people from Cupid Media, an Australian-based company that runs dating sites. Cupid Media said in a statement that after the incident, they undertook "a comprehensive review of our data storage and security practices and made appropriate changes if required."

(Read more: We used to meet in person—America's crush on online dating)

Pearleye | E+ | Getty Images

3 ways cyber thieves target online daters

There are three major ways cyber criminals target online daters, said Faulkner of ThreatMetrix.

First, online daters can be duped by hackers, who create false profiles ultimately to start communication and ask you for money.

"They want to try to dupe you out of your money. That's either by trying to trick you to pay for airline tickets or it could even be plain old extortion by turning that flirtatious indiscretion into a lifetime of regret," Faulkner said.

Another potential trap? Many online daters do not guard their personal information. While online dating sites need to take steps to secure databases, users also must be cautious. For example, users should use different, complex password for different websites.

In 2012, another dating site, eHarmony, was breached when it allowed customers to use the unsecure password, "password," according to a statement. Company officials added, "eHarmony has since eliminated that as a possibility and it continues to be a safe and secure environment for individuals looking to find the love of their life."

(Read more: Mistakes businesses are still making in cyberspace)

Finally, online daters need to be careful with potential matches. Hackers try to infiltrate internal dating site messaging services to send malicious links. Hackers essentially try to breach dating sites to leverage trusted connections to send links laden with malware, Faulkner said.

Purveyors of online dating sites can also play an important role in keeping the dating pool clean by keeping an eye out for suspicious profiles. "If you have a profile that says … they've gone to an Ivy League school, but their grammar is really off, that's a telltale sign. The other thing [consumers] can do is educate themselves, how well does this site protect my data?" Faulkner said.

By CNBC's Jennifer Schlesinger. Follow her on Twitter @jennyanne211

For more CNBC coverage of cybersecurity, visit HackingAmerica.cnbc.com.

Featured

  • CNBC's senior correspondent and lead investigative reporter, Scott Cohn also appears on "NBC Nightly News with Brian Williams," the "Today" and on MSNBC.

  • Co-anchor of CNBC's "Squawk on the Street," David Faber also is a co-producer of CNBC's original documentaries.

  • Eamon Javers is a reporter based at CNBC's Washington, D.C. bureau, appearing on business day programming and contributes to CNBC.com.

Investigations Inc.: Cyber Espionage

  • When a person enters information on a website, like an email or credit card, it gets stored in that company’s data base. Those web-based forms are a simple tool for users, but they are also another way hackers can exploit a company’s system. Instead of inputting a name into the website, cyber spies can put in a specially crafted text that may cause the database to execute the code instead of simply storing it, Alperovitch said. The result is a “malicious takeover of the system,” he said.

    By attacking business computer networks, hackers are accessing company secrets and confidential strategies and creating huge losses for the overall economy.

  • China is working feverishly to counteract its slowest GDP growth in recent years, and one of the ways it’s doing so, say U.S. officials, is through the theft of American corporate secrets.

  • US businesses are enduring an unprecedented onslaught of cyber invasions from foreign governments, organized crime syndicates, and hacker collectives, all seeking to steal information and disrupt services, cybersecurity experts say.

Technology

Technology Explained