A user of OkCupid told TechCrunch that he was recently locked out of his account by a hacker who had changed his password and changed his email address on file.
The app reportedly didn't send an email to confirm the address change, but simply accepted it.
The hacker later sent the user odd text messages with words lifted from one of his private messages.
“Unfortunately, we’re not able to provide any details about accounts not connected to your email address,” OkCupid’s customer service said in response to his complaint, which he forwarded to TechCrunch.
Several other users told TechCrunch they had similar experiences on OkCupid. A few also said their passwords were unique to the dating app, and they were unable to explain how they were hacked.
“Dating apps are key targets for cybercriminals, especially with Valentine’s Day approaching. With two-factor authentication and mobile-identity based APIs in place, companies like OkCupid can integrate more security measures for their users before they become victims of an attack," Guillaume Bourcy, Global Senior Director at TeleSign, told Fox News via email.
A spokesperson from OkCupid gave Fox News the following statement on Monday:
"There has been no security breach at OkCupid. All websites constantly experience account takeover attempts and there hasn't been an increase in account takeovers on OkCupid. There's no story here."
The dating app's support page states that account takeovers can happen if people use the same password on several different sites and services because "then your accounts on all of them have the potential to be taken over if one site has a security breach."
OkCupid, along with Match, Zoosk, eHarmony and other dating sites, does not use two-factor authentication at all, reports TechCrunch.