Dating site OkCupid potentially hit by a credential stuffing attack
- News sources say that account information of OkCupid users was allegedly compromised by cybercriminals.
- Company denies breach, citing ‘account takeovers’ that might have occurred sporadically.
OkCupid was reportedly a victim to a cyber attack recently. The popular dating site appears to have suffered a credential stuffing exposing user data. Various news outlets have reported that the site was hacked by attackers.
However, OkCupid has denied such reports by responding that the incident was just an instance of ‘account takeovers’, possibly due to user negligence.
“There has been no security breach at OkCupid. All websites constantly experience account takeover attempts. There has been no increase in account takeovers on OkCupid,” a spokesperson for the company said.
“Account takeovers like this generally happen because people have accessed your login information. That can happen in a few ways. The simplest, of course, is using a password that's easy to guess. Another option is because of a breach on another site. If you use the same password on several different sites or services, then your accounts on all of them have the potential to be taken over if one site has a security breach,” suggests an article from the help section.
Suspicious credential changes
When one of the users notified of a suspicious credential change in his account, OkCupid denied providing any information regarding the incident but confirmed the change in his account. Other users also faced issues with accessing their account with many saying that they were lucky enough to get them back after a while.
Likewise, OkCupid did reset passwords for some of the affected accounts which were notified to them. It has also informed users to keep their passwords secure and advises them to maintain a strong password not susceptible to attackers.