What’s the difference between a working app and a successful dating platform? User trust — and it can be lost in a matter of seconds if the platform doesn’t take cybersecurity seriously. 

Business Digital Index (BDI) recently released a comprehensive cybersecurity report that found 75% of 24 major dating platforms are at high or critical risk of security breaches. On their BDI report cards, these major app companies received bright red Ds and Fs. 

None of the 24 platforms in BDI’s study received an A, suggesting that the overall industry is due for an upgrade. 

Aside from being a straightforward safety metric, BDI’s study breaks down individual aspects of cybersecurity that dating platforms are responsible for, from encryption protocols to web security to software patching. 

The worse a platform’s security, the more vulnerable it is to attack. This is especially true for dating platforms, which depend on user trust and personal user data to function. With so much at stake, consumers crave dating platforms that score consistent As — not those that coast on Cs and Ds. 

Bumble and EliteSingles Earned The Highest Safety Grade

A platform that listens to its users seems to find the most success, according to BDI: Bumble, a company that has faced its fair share of controversies and slumps in recent years, still got the best grade in the “risk score” category (a B, indicating medium risk) in part because it has responded directly to user concerns in the past. 

EliteSingles also received a B, and its sister site, SilverSingles, got a C. BDI described C and D-earning platforms as “secure enough to avoid outright failure, but not by much,” and said their security “is mediocre at best.”

This applies to the most popular dating apps in the world, including Tinder, Hinge, Grindr, OkCupid, eHarmony, Plenty of Fish, and Feeld. 

Then there are the F students. CoffeeMeetsBagel, Christian Mingle, Match, and AdultFriendFinder are among the best-known in this grade group. Their failing grade is attributed in part to former security failures, and how some of these platforms have yet to meaningfully improve their safety standards. 

BDI broke down its grading methodology into seven parts: 5% of the grade, or the smallest percentage, is based on the efficacy and safety standards of the system’s host. Another 5% of the grade goes to the types of encryption protocols used (such as TLS or SSL configuration) and how they’re implemented. 

Badoo, Grindr, and Match are three of the 11 platforms that BDI said “display [a] high number of TLS configuration issues.” Another 5% of each platform’s grade goes to system reputation, or as BDI describes it, “How malicious activity is linked to internet service providers (ISPs) or domains.” 

As a particularly vulnerable part of a platform, email security makes up 15% of BDI’s letter grade. This is a problem area for F-earners like Coffee Meets Bagel, Christian Mingle, and Match. BDI found that these platforms are susceptible to phishing because they lack email authentication safeguards. 

Successful Platforms Reinforce User Trust 

Just as important is web application security, which takes up another 15% of BDI’s grading system, namely because it handles the user’s personal data. Taimi, Bumble, Ourtime, BlackPeopleMeet, Grindr, and Match are among the better-known platforms to lose points in BDI’s report because of weak web application configuration. 

Unlike other apps, dating platforms need to have a solid basis of trust with consumers to succeed. When consumers rely on a platform to keep everything from their name and contact information to their address and sexual orientation out of the wrong hands, this level of trust is essential. 

Industry professionals know very well what the company stands to lose if web security is compromised. Sometimes a company needs to temporarily shut down operations to fix the problem, leading to financial losses and compromised trust from investors, not to mention bad press. 

Look what happened to Tea, a platform marketed around the promise of safety. When thousands of personal photos and DMs were hacked, the company had no choice but to shut down its messaging system. It also had to contend with scrutiny from major news outlets, including The New York Times, CNN, and NPR. 

A Quick Response to Problems is 30% of the Grade 

Having a history of data breaches and compromised security affects 25% of a company’s BDI grade. BDI also investigated whether the personal data lost in these breaches can still be found floating around the dark web. 

The answer to this question is, more times than not, yes: Data from 76% of the 24 companies were detected in various parts of the dark web, including in marketplaces. “We cannot confirm whether those credentials remain valid,” BDI pointed out. 

Still, 30% of BDI’s grade — the biggest chunk — is based on software patching. Consumers, investors, and safety groups want to see that a platform is constantly monitoring potential problems, rolling out solutions, and improving itself. 

This is what happened — or, more accurately, didn’t happen — at AdultFriendFinder, which BDI discovered has over 100 unaddressed software vulnerabilities. 

The public will never know what happens within the walls of a dating platform when it suffers a security breach. Only industry insiders can truly track the internal damage. But deep-diving studies like BDI’s suggest that consumers are increasingly tapped into the security measures taken by their most trusted apps. 

When this trust is violated, the public is going to know about it. And unless the platform makes visible improvements, their trust may be lost for good.