Online dating services offer a convenient and personalized way to meet that special someone. But along with matchmaking possibilities, these websites can provide an avenue for thieves to steal your identity and wreak havoc with more than your love life.
The Federal Trade Commission estimates that the identities of up to 9 million Americans are stolen annually. The Consumer Reports National Research Center puts that figure even higher, saying that nearly 16 million American households were victims of identity theft during the past year. In many cases, hackers accessed the victims’ online information, according to the Center’s latest survey.
In the world of online dating, a security breach of eHarmony’s system offers one cautionary tale. Some 1.5 million passwords belonging to eHarmony members were recently stolen and posted to the Web, according to news reports.
The company says it is still investigating the incident and has taken steps to protect its members since the passwords were compromised. But dating websites need to do a better job of safeguarding consumers’ personal data, according to Internet security experts.
Users of dating sites regularly put their privacy and security at risk, according to the Electronic Frontier Foundation. The nonprofit organization recently scrutinized eight online dating sites and concluded that most of them failed to employ basic security measures.
For example, most of the sites did not use HTTPS, the standard Web encryption that scrambles personal information sent over the Internet into code to ensure that visitors’ Web sessions are secure.
Among other advantages, HTTPS hides your private data from other users of shared networks, such as those available at WiFi hotspots in airports, hotels, libraries, coffee shops and other public places.
While even HTTPS encryption isn’t impenetrable, as illustrated by the recent Beast attack, it is the strongest protection that a site can offer its visitors. Any site requiring personal information should use HTTPS encryption.
How Dating Sites Expose Information
Online dating sites can jeopardize users’ sensitive information in a number of ways, according to the Foundation and other Web security experts.
- Making profiles public by default. This means that user profiles are publicly indexed by Google and therefore searchable.
- Daters’ profiles and photos may be saved and remain on the company’s servers for years, even after a user has closed his or her account. And because photos may also be hosted on an outside server, they may remain accessible even after a user deletes his/her photo from the dating website.
- Dating websites typically use “cryptographic hashing,” an encryption scheme that uses a mathematical algorithm to turn a password into a string of letters and numbers and stores only the encoded version. The problem is that skilled hackers can crack hashed passwords.
In itself, the personal information that users share on a dating site may not be enough to lead to identity theft. But a cybercriminal may be able to combine that information with other data or tools to rip off users’ identities.
For example, an identity thief could use personal information gleaned from a dater’s profile, such as an email address, and engage in “phishing” — sending an email that appears to be from a legitimate organization, such as a bank, to steal more private details from the victim.
Precautions when Using Dating Sites
The best way for online daters to guard against identity theft is to take some basic security precautions.
Don’t share any personal information that could reveal your identity, advises the eHarmony website. “Never include your last name, email address, home address, telephone number, place of work or any other identifying information in your Internet profile or initial email messages.”
When accessing accounts while through WiFi hotspots in particular, the Federal Trade Commission recommends always using a personal virtual private network to encrypt information. Personal VPNs like Private WiFi protect your sensitive information by making it inaccessible to hackers, even when you’re connected through an unsecure network.