WEBINAR | A Deep-Dive into 2023 Cyber Threats
Reduce Alert Noise and False Positives
Boost your team's productivity by cutting down alert noise and false positives.
Automate Security Operations
Boost efficiency, reduce burnout, and better manage risk through automation.
Dark Web Monitoring
Online protection tuned to the need of your business.
Maximize Existing Security Investments
Improve efficiencies from existing investments in security tools.
Beyond MDR
Move your security operations beyond the limitations of MDR.
Secure with Microsoft 365 E5
Boost the power of Microsoft 365 E5 security.
Secure Multi-Cloud Environments
Improve cloud security and overcome complexity across multi-cloud environments.
Secure Mergers and Acquisitions
Control cyber risk for business acquisitions and dispersed business units.
Operational Technology
Solve security operations challenges affecting critical operational technology (OT) infrastructure.
Force-Multiply Your Security Operations
Whether you’re just starting your security journey, need to up your game, or you’re not happy with an existing service, we can help you to achieve your security goals.
Detection Investigation Response
Modernize Detection, Investigation, Response with a Security Operations Platform.
Threat Hunting
Locate and eliminate lurking threats with ReliaQuest GreyMatter
Threat Intelligence
Find cyber threats that have evaded your defenses.
Model Index
Security metrics to manage and improve security operations.
Breach and Attack Simulation
GreyMatter Verify is ReliaQuest’s automated breach and attack simulation capability.
Digital Risk Protection
Continuous monitoring of open, deep, and dark web sources to identify threats.
Phishing Analyzer
GreyMatter Phishing Analyzer removes the abuse mailbox management by automating the DIR process for you.
Integration Partners
The GreyMatter cloud-native Open XDR platform integrates with a fast-growing number of market-leading technologies.
Unify and Optimize Your Security Operations
ReliaQuest GreyMatter is a security operations platform built on an open XDR architecture and designed to help security teams increase visibility, reduce complexity, and manage risk across their security tools, including on-premises, clouds, networks, and endpoints.
Blog
Company Blog
Case Studies
Brands of the world trust ReliaQuest to achieve their security goals.
Data Sheets
Learn how to achieve your security outcomes faster with ReliaQuest GreyMatter.
eBooks
The latest security trends and perspectives to help inform your security operations.
Industry Guides and Reports
The latest security research and industry reports.
Podcasts
Catch up on the latest cybersecurity podcasts, and mindset moments from our very own mental performance coaches.
Solution Briefs
A deep dive on how ReliaQuest GreyMatter addresses security challenges.
White Papers
The latest white papers focused on security operations strategy, technology & insight.
Videos
Current and future SOC trends presented by our security experts.
Events & Webinars
Explore all upcoming company events, in-person and on-demand webinars
ReliaQuest ResourceCenter
From prevention techniques to emerging security trends, our comprehensive library can arm you with the tools you need to improve your security posture.
Threat Research
Get the latest threat analysis from the ReliaQuest Threat Research Team. ReliaQuest ShadowTalk Weekly podcast featuring discussions on the latest cybersecurity news and threat research.
Shadow Talk
ReliaQuest's ShadowTalk is a weekly podcast featuring discussions on the latest cybersecurity news and threat research. ShadowTalk's hosts come from threat intelligence, threat hunting, security research, and leadership backgrounds providing practical perspectives on the week's top cybersecurity stories.
April 18, 2024
About ReliaQuest
We bring our best attitude, energy and effort to everything we do, every day, to make security possible.
Leadership
Security is a team sport.
No Show Dogs Podcast
Mental Performance Coaches Derin McMains and Dr. Nicole Detling interview world-class performers across multiple industries.
Make It Possible
Make It Possible reflects our focus on bringing cybersecurity awareness to our communities and enabling the next generation of cybersecurity professionals.
Careers
Join our world-class team.
Press and Media Coverage
ReliaQuest newsroom covering the latest press release and media coverage.
Become a Channel Partner
When you partner with ReliaQuest, you help deliver world-class cybersecurity solutions.
Contact Us
How can we help you?
A Mindset Like No Other in the Industry
Many companies tout their cultures; at ReliaQuest, we share a mindset. We focus on four values every day to make security possible: being accountable, helpful, adaptable, and focused. These values drive development of our platform, relationships with our customers and partners, and further the ReliaQuest promise of security confidence across our customers and our own teams.
More results...
Valentine’s Day is fast approaching and for many people that means one thing: going to the app store of their choice and downloading a dating app. Even with restrictions from the COVID-19 pandemic, dating apps such as Tinder, Hinge, Grindr, and Bumble have thrived as people are often forced to stay indoors and isolated, eschewing traditional ways of meeting.
It’s great that people have continued to connect and find love despite the various lockdowns, but the success of dating apps raises a few eyebrows for the cybersecurity nerds out there. Research has shown that people feel free to share more sensitive information on their dating apps than compared to other social media profiles. Dating app profiles can push individuals to overshare bits of their lives that they would otherwise keep offline. Additionally, information is shared by default when accepting the terms and conditions of your dating app of choice. Depending on the apps being used, shared data may often include sexual orientation, gender, location data, religion, and political affiliations.
Now think of the consequences of having such data out in the open and for the wrong hands to grab. Given the wealth of data shared with these platforms, the risks connected to this practice for users are many. But don’t give up on cupid! This blog will make you aware of the three main threats linked to dating app security and ways to date (online) in a secure manner.
Data breaches involving dating platforms are highly sought after in the cybercrime space for the customer PII they hold. The last few years have already demonstrated the profound impact of data breaches on affected organizations and individuals. It’s impossible to forget the extramarital dating service Ashley Madison data leakage of 2015 where cybercriminals managed to steal and release the private details of more than 32 million users, including names, physical address, sexual preferences, and credit card data on the dark web.
The Ashley Madison leak is probably the most prominent one in the dating technology field. Still, reality has offered many more examples of how these apps may not be the safest technology. In a more recent example, researchers showed that dating app Bumble left personal data of more than 100 million users up for grabs due to a software vulnerability in their API.
Although no user data was compromised (according to a statement from Bumble), the vulnerable data included highly sensitive information about its users, such as personal photos, location data, political affiliation, astrological signs, and even height and weight. This information could be easily weaponized by ill-intentioned actors to commit fraud, create profiles, or potentially demand ransom payments from users.
That’s why a quick trip into cybercriminal forums and marketplaces highlighted the presence of several listings about dating services. General chat on these platforms’ English language sections mainly consisted of requests or listings of databases following breaches of dating services or emailing lists. For example, Digital Shadows (now ReliaQuest) identified several instances of cybercriminals selling databases full of personal information that you can see below:
As with all online accounts, you should be concerned with account security. We recommend using a strong password and multi-factor authentication (MFA) for your login. Account takeover has never been easier or cheaper and leads cybercriminals to collect many stolen accounts for nefarious purposes. For more reading on the market for stolen accounts, see our research, “From Exposure to Takeover: The 15 billion stolen credentials allowing account takeover“.
Second, getting access to personal, sensitive user information can support cybercriminals in orchestrating highly targeted social engineering campaigns. For example, if a malicious actor was interested in sending you a phishing message or email to convince you to download and execute a suspicious file, building trust and rapport on a dating app chat (and later through SMS-based text messages) could seriously increase their chances of a successful attempt.
To offer a practical example, let’s imagine for a second that I have created my dating profile and claim that I’m an animal enthusiast and I volunteer in a local dog rescue center. While these are totally legitimate interests and may help me get a compatible partner on these apps, it’s good to keep in mind that cybercriminals may exploit this information against me.
How would they do that? Maybe by sending me a targeted message claiming that they found an abandoned puppy and to click on the link to go rescue it. The temptation could be irresistible and if the email is crafted well enough, I might fall for it and click on that malicious link. Cybercriminals are well aware of cognitive biases in the human mind and are not ashamed of leveraging them to see their campaigns successful.
Estimates say that bots contribute to half of web traffic—and dating apps are no exception. Bots ravage these platforms with fake profiles that allow scammers to reach thousands of people in a relatively short amount of time.
Scammers using these bots will likely ask at some point to move the chat outside the dating app, conveniently providing an external link. Avoiding clicking on these links and reporting the suspicious user is always the right thing to do and can save you lots of pain and time in the long run.
Additionally, as most dating services require you to pay a fee to subscribe to premium services, the platform will also have access to your credit card details If exposed, these credit card details can be sold on an online carding shop and used for fraudulent purposes, money laundering and identity theft. As such, avoid as much as you can sharing those details with any platform as its repercussions can be long and enduring. Use a virtual credit card for online payments and pat yourself on the back for practicing good security.
I am well aware that cybersecurity best practices aren’t the first thought that pops in people’s minds when deciding how to behave on dating sites. However, the two things can go hand in hand, and applying some necessary measures can really go a long way in preventing bad things from happening.
The usual cyber hygiene best practices will always apply, but here are a few additional tips:
Personal Data:
Phishing, Scams, and Fraud:
Checking these boxes can go a long way in preventing bad experiences online. Being aware of the potential threats out there will only make the time spent on dating apps more safe and secure for everyone.