OkCupid’s Android and web applications could allow the theft of users’ authentication tokens, users IDs, and other sensitive information. The Match Group-owned company fixed the issues, stating, “not a single user was impacted by the potential vulnerability” The flaws were identified as part of reverse engineering of the app version 40.3.1, which was released on April 29 earlier this year. Check Point researchers also uncovered a separate flaw in the app’s settings functionality that makes it vulnerable to an XSS attack by injecting malicious JavaScript code.
Source: https://thehackernews.com/2020/07/hacking-okcupid-account.html