The OKCupid login flaw was all over the blogs a while ago… Although to be fair it’s just common sense.
If you forward your OkCupid and HowAboutWe emails to friends, they can click on the link and are automagically logged into either service as you. I was contacted by The Verge this morning, then I reached out to OKC, which decided not to comment. Good news is that HAW lets you opt out of the functionality. Wonder if OKC is going to add opt-out as well. Funny thing is this has been the case for years and it’s just now become A Thing.
I wonder if spammers/scammers knew about this all along and used it to their advantage?
Frankly, this is common sense stuff: don’t forward your email to friends, especially if there are custom/tracking links.
By which I mean – http://www.okcupid.com/l/.dhkihjkdjiw.78899tYZvbGRlcj0x.ddh7665usnjia6JR9Dgyuijknmjwki8uhwnnf==