Cold February is THE month to search for love. As the online dating scene is blooming, it opens opportunities for hackers to act. Everyone knows a cyber incident is a real turn-off, and when love is part of the game, it makes it difficult to spot digital red flags.

In the quest for love, technology promised to shortcut the search for the significant other. But beware, the rise of online courtship has attracted the attention of threat actors, con artists, and players with malicious intent, hiding behind black hoodies and fake profiles. Protect your heart and avoid becoming another statistic digit. Learn how to spot digital red flags and navigate the rough water of the unprotected cyber dating scene.

First date: Keep the mystery and under-share information

Who you are is your identity, and so is your data. You should be careful what you disclose and to which technology app you put your trust.

The Ashley Madison breach in July 2015 revealed the vulnerability of online dating sites. The lesson learned was that with enough resources and time, any system is breachable. While millions of users put their trust in dating apps to keep their private data private, the reality is that innovative hackers will eventually figure out a way into the system. That was the case with the world’s most popular dating site, Tinder, when a threat actor managed to gain access to the system and see which profile pictures users have viewed, and to which direction they swiped. Moreover, threat actors gain the ability to track the user’s physical location. With such information, consider a golden mine – hackers could leverage it for broad-scale blackmail and extortion attempts.

Private channels over the dark web and Telegram offer countless business opportunities for stolen private data from dating apps. Prices vary depending on the type and quality of information, such as email addresses, passwords, and credit card details. Sometimes you can even find sensitive medical information such as HIV and COVID-19 vaccination status. The price also depends on the date of the stolen data, with earlier dates commanding higher prices due to the lower likelihood of the credentials having been changed.

Social engineering is not socially friendly

On our way to finding true love, we share lots of information about ourselves creating a significant digital footprint that makes it so easy for hackers to leverage the data and create damage. Are you using the same credentials for all of your accounts? This makes their job even easier. The potential risk of data exfiltration goes from stolen Credit Card information, and identity theft, all the way to blackmail, shaming, extortion, and breaking a family household. Sophisticated hackers can lure romance seekers into engaging in a form of a video chat. In such cases the video can be pre-recorded, convincing the victim to engage in a sexual act. The session is then recorded and can be used later on for purposes of shaming, extortion, and blackmail.

Love in practice: Two cents from a cyberdating veteran

  • Incorporate password management solutions to keep different passwords for each account. This way you have to memorize only one password.
  • Enforce a strong password mechanism that will include at least 12 characters, a combination of capital, lowercase, special characters, and numbers, and try to create a story that is logical only to you.
  • While not always possible to verify, ensure you’re using a chat that supports and enables end-to-end encryption before disclosing private (or any) information.
  • Most apps and websites offer MFA (multi-factor authentication) as the default way for signing in. Use it. It will dramatically reduce the level of risk and identity theft.
  • Look for apps that guarantee immediate data deletion features. So at any point, you can get rid of any historical unwanted digital footprints.
  • When posting a profile picture, try to use a unique one that has never been shared before. Hackers can fairly easily use common tools to cross those pictures with another social platform account, and by doing so verify your actual identity.
  • Keep your sexy pictures old-school. If it’s on a file it has potential slips into the wrong person. And with the association of pictures per person, the way to shaming, extortion, or blackmail is pretty near.

Spread love – not personal data

With the increasing rate of data sharing in the name of profit, and with hackers showing no mercy, it is time to conduct a serious debate on the way commercial companies take advantage of our private data in exchange for potential romantic hookups. While some application providers do their best efforts to protect users’ data and integrity, the current situation is that hackers try even harder to breach any fence that is on their way and take control over digital assets.

Peace and Love to you and your digital self.

Read Part II | Read Part III