Looking for Love in All the Wrong Places

Posted by Jon Hendren

Looking for Love in All the Wrong Places by UpGuard

When we think of protecting our information online, it’s usually in the context of traditionally sensitive data-- credit card numbers, addresses, SSNs, and so on. But as anyone who has taken a picture of themselves wearing nothing but a smile can tell you, the information exchanged during online dating can be just as personal. I haven’t done that, though. Ever. I have never done it.

I used the UpGuard Website Risk Grader to evaluate the relative security of many of the world’s top dating sites and found some interesting results. The Grader looks at externally accessible security factors such as whether SSL is enabled, whether its cookies are secure, and a number of other data points to determine as best we can the security of the site from an external viewpoint. UpGuard rolls all that information up into a single numeric score, much like a credit score. If a site’s score is low, it suggests that several standard security measures are probably not in place or may not be configured correctly. A high score means the site’s administrators have given thought to web security and may be taking steps to keep your data as private as reasonably possible.

See your competitors faults

BeautifulPeople.com - 504 out of 950
BeautifulPeople.com - 504 out of 950
The only site on this list named after a Marilyn Manson song, BeautifulPeople boasts having a beautiful member base that “actually look in real life as they do online.” Their members may be beautiful, but their security is looking pretty ugly-- 504 is well below what is considered good. The site lacks SPF, secure cookies, DMARC, and other features that could prevent forged or fraudulent communication with the other beautiful singles.

Match.com - 741 out of 950
Match.com - 741 out of 950

As arguably the most popular-- or at least, the most heavily marketed-- site for online dating in the US, Match.com’s secure member area (secure.match.com) has set up SSL of decent strength, but has neglected to use HSTS, secure cookies, or DNSSEC. From what we can see here, Match’s overall web security is good, but could be better with a few improvements. And being a paid subscription service, there’s really no reason to not go whole hog.

PlentyofFish - 361 out of 950
PlentyofFish - 361 out of 950

Because it’s a free site, you may be considering giving a pass to PlentyofFish. After all, you get what you pay for, right? But by that logic, OkCupid should also rank poorly, but that’s not the case. POF lacks SSL, secure cookies, and fails to obscure server information. But hey, their domain won’t expire for over 5 years, so they’ve got something under control.

The Right Stuff - 694 out of 950
The Right Stuff - 694 out of 950

An attempt at an exclusive dating service for graduates of prestigious schools, this 16-year-old site’s design is straight out of Geocities. The secure area of the site (secure.rightstuffdating.com) actually scores average, despite everything else about the site being ridiculously out of date. For example: “To fully utilize the site’s features it is necessary to use Netscape 2.02 or Internet Explorer 3.02 (or equivalent) or higher.” Internet Explorer 3.02 was released on March 20, 1997. An upgrade to IE 3.03 SP1 was released the following year for Y2K compliance.

Ashley Madison - 789 out of 950
Ashley Madison - 789 out of 950

It’s not much of a surprise that the dating/cheating site whose security has been scrutinized the most also scores the highest-- their administrators have likely been paying a lot of attention to data security since their widely publicized user data leak. To be fair, the Ashley Madison leak was thought to be an inside job, thus the security flaws responsible would not be detectable through this external web scan. But it stands to reason that in the aftermath of the crisis, the company gave extra consideration to web security.

Have a look at the full list, and give the Website Security Grader a spin for yourself.

Site Website Grader Score
Ashley Madison
789
DateMySchool
779
OkCupid
779
Gleeden
779
Zoosk
751
Match.com
741
Meetic
741
Chemistry.com
694
The Right Stuff
694
Dattch
646
ShakeMyWorld
646
MeetMindful
551
Parship
542
Badoo
504
BeautifulPeople.com
504
eHarmony
504
Mamba
504
Lavalife
504
Perfectmatch.com
504
Lovestruck.com
494
Tastebuds.fm
494
Adult FriendFinder
456
Compatible Partners
456
GayRomeo
456
Matchmaker.com
456
AnastasiaDate
409
Gaydar
409
Passions Network
409
Tawkify
380
PlentyofFish
361

 

Who wants an external scan?

 

More Blogs

How CSTAR Works

All the information needed to perform a CSTAR assessment is bundled into the UpGuard platform. Learn more about CSTAR.
Read Blog >

What's In the Website Risk Grader?

The UpGuard Website Risk Grader provides a low friction way to get an initial assessment of a business' risk profile.
Read Blog >

Understanding Risk in the 21st Century

And as we enter 2016, the risk of data breaches in particular threatens to hamper business innovation.
Read Blog >

Topics: cyber security, upguard, cyber risk, webscan

UpGuard Customers