A very public affair
When asked about the pitfalls and problems behind using dating apps, users cite data security as one of the most worrying elements of online dating. Since the Ashley Madison breach in July 2015, online dating sites have repeatedly been under media scrutiny for the poor management of users’ personal information. For Ashley Madison, which controversially pitched itself to people who were already married or in existing relationships, this opened breach victims to more than simple credit card fraud. The very real possibility of extortion, blackmail, internet shaming, and some very awkward conversations with partners and family, placed users in a difficult and vulnerable position – the very position that Ashley Madison was allegedly created to avoid.
In the same year, AdultFriendFinder reported a breach including the information of nearly 4 million subscribers, which was leaked on a darknet forum, exposing usernames, email addresses, dates of birth, and postal codes. Such incidents have been very public, making headline news, and are very personal for those whose data was compromised. Only last year, over 2.28 million members of the dating site MeetMindful fell foul of a wide-ranging breach that exposed data including Facebook tokens, real names, email addresses, and physical characteristics. A public relations nightmare for the site involved, and a treasure-trove of ammunition for future phishing campaigns baited with social engineering titbits.
The list of dating app breaches goes on and on. As a much-publicized problem and an ever-present concern for those of us looking for love online, how can dating portals – and the white-label applications that support them – put minds at ease, guarantee user safety, maintain positive public relations, ensure regional regulatory compliance, and maintain their stock prices?
Users need to feel safe that a stalker can’t get hold of their postcode, that they will avoid the emotional distress of their credit card information being exposed, that their email address won’t become the property of spammers, that their private conversations won’t become public, and that their most intimate details and preferences are safe. No site that handles the personal information and financial data of customers can afford to compromise on security – especially sites in the public eye and media firing line like dating sites. When you’re one of a black hat hacker’s favorite targets, it doesn’t pay to let your guard down. There is, after all, nothing romantic about a data breach.
Dating websites and applications need robust systems in place to safeguard data – and need to be able to talk about these processes publicly as part of their ongoing marketing. It is essential, at minimum, that sites use encryption and protections against certificate-spoofing attacks. Applications must be able to wear their security credentials openly. Being able to say that your site is proactively protecting a user’s personal data is a valuable differentiator in an already busy marketplace where there is (almost literally) a dating app for every niche and sub-interest. If a white-label platform isn’t offering multi-factor authentication and a guarantee of immediate data deletion, openly, this is a security red flag for the increasingly savvy singletons and those developing the niche applications out there. No user wants to feel compromised by having their personal information revealed to the world, especially through such a personal experience as a dating site.
To win against the bad actors and ensure data compliance, dating organizations need complete visibility into all their data environments – in the cloud, on-premises, or hybrid. Automatically reviewing user data privileges, verifying accurate data access configurations, and delivering up-to-date CVE patches are critical in hitting those global data standards. Dating application security teams need to be constantly monitoring data access, regardless of type, while detecting potential insider threats or compromised user accounts – the most common cause of data breaches. Compliance and security are continuous processes, and they need automated data risk analytics to streamline the detection of nefarious, non-compliant, or suspicious data access behavior to know if any risky activity is an actual security incident. They need to identify potential threats before they create damage. Automating the required compliance auditing, data collection, and reporting functions is a major boon to busy security teams.
Furthermore, dating apps need to collect all necessary forensic audit records and must be able to support a user’s rights to erasure, rectification, and access. Some platforms are becoming notorious for “fake bot accounts” and for “bogus profiles,” and a key differentiator will be those applications that can give users peace of mind, offer instant profile and data removal, and guarantee a genuine experience without a user’s personal data being scraped or them falling prey to the anguish of account takeover.
Developers must have the ability to use third-party code and to move to fast deployment, without security being a bottleneck to success. The dating industry moves quickly, and staying ahead of new features is critical to the success of a platform. As such, the industry is making use of runtime protection (RASP), giving them a safety net against zero-day vulnerabilities and affording teams more than just the basic perimeter security of most cloud-native applications.
Wearing our hearts on our sleeves
Security has now become a positive PR exercise for dating apps. Those who can say, and show, they are taking user security seriously are a stand-out in an ocean of broad and niche services offering a plethora of experiences. Many platforms – those who offer the reskinnable experiences used by many of the niche sites – are taking this as seriously as we do, and they know that the reputation of their customers depends on it.
With data protection a growing public concern, and security in the dating industry now a business necessity, why would any dating platform developer or application user trust a platform or dating app that didn’t have their best interests at heart? Marketing teams are now leveraging the current media attention around cybersecurity to showcase their organizational efforts in combatting any threat and supporting their users – getting a step ahead in the conversation and a step ahead of their competitors in the process. Cybersecurity is now a thought leadership talking point for the dating industry.
If you would like to know more about complete and automated solutions to protect your data and applications, putting you a step ahead of your competition in this increasingly busy space, give us a call. We’re here to help.