How Zoosk Detects and Mitigates Malicious Bots

October 15, 2019 | by Matt Keil


A leader in online dating, Zoosk is committed to delivering personalized matches to its 35+ million members. With the ultimate goal of creating lasting and meaningful relationships, protecting their users from fraud that may be caused by automated bots is a top priority for the Zoosk security team.

Finding Love and Romance – Securely and Safely

Finding a lasting relationship often means letting your guard down. Unfortunately, bad actors are adept at taking advantage of this to execute romance scams. To do this, scammers infiltrate popular platforms and attempt to build connections with legitimate users before asking them to part with their money.

However, to bait other users, they first need accounts and lots of them. The two easiest ways to get them?

Fake Account Creation

Bad actors analyzed the Zoosk user interface and mobile applications to understand the platform’s account creation processes, including the identification of APIs to exploit. In one example, they used the Android mobile application APIs to programmatically establish fake accounts, leveraging compromised infrastructure to execute their attack and masking their identity and location.

Account Takeover (ATO)

Also known as ‘credential stuffing,’ bad actors use this method to validate sets of stolen credentials en masse through automation. And, with 52% of all users reusing login credentials, the success rate makes it an effort worthwhile. Accounts with credentials that are successfully verified are either resold or used by the same attacker as a vehicle for their romance scams.

These automated threats often lead to high-volumes of malicious traffic. In Zoosk’s case, they determined that, on an average week, 80 to 90% of their traffic was synthetic, which significantly increased AWS infrastructure spend.

Zoosk Looks for Their Match

Zoosk’s primary mission is to help people connect and find love on their platform. So, with a goal in mind to protect their users from fraud and improve their application security posture, the IT security team began evaluating possible solutions.

One of the first bot detection and mitigation solutions they implemented leveraged client-side JavaScript injection and mobile SDK to defend against ATO attempts and fake account creation. At first, the approach seemed effective enough. However, as time progressed, two key issues arose:

  • With the client-side approach, attackers were able to catch on and began to examine and reverse-engineer the deployed solution. Their new understanding subsequently helped them evolve their attack strategy to avoid detection. Eventually, Zoosk saw that their new defense had a diminishing impact on stopping bad actors who leveraged bots.
  • In addition to their web applications and APIs, Zoosk also needed to secure their mobile applications. Though they were provided with an SDK, deploying the new security measures with every new release for every OS began to introduce significant friction into their DevOps process.

Partnering with Cequence Security

Realizing they needed a different approach for protecting public-facing applications against bot activity, Zoosk considered other options. Ultimately, they discovered Cequence Security’s Application Security Platform (ASP) and opted to replace their existing bot detection and mitigation solution.

By tracking the unique multi-step behaviors of real attacks against Zoosk’s applications, Cequence Security gave the Zoosk security team the visibility they needed to distinguish malicious bots from legitimate activities and mitigate them.

The Cequence ASP analyzes every interaction from a user, client, network, and application perspective. It then uses the resulting data to build a syntactic profile through machine learning models, behavioral analysis, and statistical analysis. This approach allows Zoosk to accurately detect automated attacks and create informed policies to mitigate them – even as bad actors re-tool to avoid mitigation.

In 2018, a breach exposed the access tokens of more than 50 million Facebook accounts. With Cequence, Zoosk was able to detect and address the spike in login activity generated by bad actors that reused the exposed tokens in attempted ATO attacks against Zoosk.

After deploying the Cequence ASP, the dating company was able to future-proof its application security approach, reduce AWS spend, and improve user experience. Since, after deploying Cequence ASP on AWS, their platform efficacy improved.

While Cequence was founded to solve some of the hardest real-world application security challenges, this story is also about the teams behind both platforms. Zoosk cited that the support from the Cequence Team has been amazing, and delivered a great customer experience.

We can honestly say we’ve enjoyed working with them equally.

Want to know more?

Watch the full interview with Conor Callahan, Technical Lead of Platform and Infrastructure at Zoosk:

Matt Keil

Matt Keil

Director of Product Marketing

Additional Resources

Get an attacker’s view of your API attack surface now. Free, no obligation API assessment Arrow icon