Hacker Newsnew | past | comments | ask | show | jobs | submitlogin

OKCupid has another security issue related to email. If you get your hands on a link that they send out to a person's email regarding a match then that link auto logs you into their account and you can do whatever you want with it.

I discovered that when a friend of mine forwarded me a match that they had made and I suddenly found myself able to read their messages.

I contacted OKC about it and they did reply saying that it was a WONTFIX.




Consider applying for YC's Fall 2025 batch! Applications are open till Aug 4

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact

Search: