OKCupid’s new blind date app not so blind thanks to data leak

Blind dates are already both exciting and terrifying—the former because you might meet your future soulmate, and the latter because your date might end up boiling your bunny. That's why a privacy bug in OKCupid's brand new app, Crazy Blind Date, was even more disturbing than usual, even though there's no evidence of that data having been accessed.

The app's goal is to anonymously match you with another dater in your area for, well, a blind date. But the app apparently made users' full e-mail addresses and birth dates easily accessible "to anyone with the right technical skills," the Wall Street Journal discovered, thereby voiding much of the app's benefit. Worse, the bug could be used to see the information of anyone nearby who had signed up to use the service—a blind date did not have to be arranged first—putting the personal information of all of the new app's users at risk.

According to the WSJ, the bug came from Crazy Blind Date's API. In addition to the e-mail addresses and birth dates, someone could use the API to grab a Crazy Blind Date user's ID and correlate it to his or her OKCupid profile, potentially finding more information on that person.

Read 2 remaining paragraphs | Comments