Cyber security
Lack of HTTPS means website is exposing passwords to simple Wi-Fi hack Reuters

Dating website is exposing the passwords of its millions of users by not securely protecting its login page.

Discovered in early March and still an issue at the time of publication, the website's home page does not use HTTPS security; instead, by using the older HTTP standard, the emails addresses and passwords of users logging into the site can be stolen by anyone on the same Wi-Fi network. unencrypted website
Chrome web browser alerting users that Match,com website is not encrypted or verified IBTimes UK

Discovered by a reader of Ars Technica, the flaw means's website is using an unprotected HTTP connection to transmit the login data, allowing anyone to perform a man-in-the-middle attack, most simply performed by logging into the same Wi-Fi network as the victim, such as in a cafe or train station.

Ars Technica states: "Had followed basic security practices and properly enabled HTTPS on the login page, the entire session would have been unintelligible to all but the end user and connecting server."

According to data published by Statistic Brain in March claims has over 21.5 million members worldwide.

As it stands, the technology website was able to view the email address and password of one of its reporters as they logged into Given many people use the same passwords for several websites, social networks and even banking services, it wouldn't take much effort for a hacker to gain access to much more than their dating profile.

It isn't clear how long the flaw has existed. Scott Bryner, who discovered the problem, took a screenshot which suggests is experiencing a server configuration error that is redirecting all HTTPS traffic to an unsecure HTTP connection. is part of the Match Group, which includes OKCupid and smartphone dating app Tinder, and is owned by US media company InterActiveCorp.

IBTimes UK has requested a comment from's UK press office about the security flaw.