Just one day after its launch, a security researcher found its exposed database
Just days into its launch, Donald Daters has not managed to make “America Date Again”, but has leaked its users’ personal information instead.
The app, for people that support the U.S president and hold it as a prerequisite for everlasting love, became available for the public on all Apple and Android devices on Monday (October 15), and following publicity, found itself called out for concerning holes that put its users’ data at risk the next day. A French security researcher, who goes by the name “Elliot Alderson”, discovered the dating app for Trump supporters’ open database, and showcased his findings in a tweet, tagging Fox News and Donald Trump himself.
Donald Daters has been described by its founder as “a new platform...to meet (other young conservative) people without being afraid of talking politics.” Fox News called it a space where “users can chat for free when a match is mutual, block any potential liberals that troll them – Donald Daters is open to everyone.”
Hi @FoxNews and @realDonaldTrump supporters,
— Elliot Alderson (@fs0c131y) October 15, 2018
You should not use this app. In 5 minutes, I managed to get:
- the list of all the people registered
- name
- Photo
- personal messages
- token to steal their session
Thread ⬇️ https://t.co/72KdNJTrmk
‘Elliot Alderson’, also known as Baptiste Robert, showed a preview of some of the “private” information he obtained from the website, alongside a concept video of how he was able to access the 1,607 Donald Daters user accounts and its 128 chat rooms. The researcher even ironically stated in a tweet, “(the) longest conversation is a discussion between the devs of the app” and attached screenshots of this chat between the developers as proof.
Despite the promises of optimum security on the website’s home page, TechCrunch verified that a "Firebase data repository, which was hardcoded in the app” made it possible for user databases to be downloaded and exposed.
Emily Moreno, the founder of Donald Daters and a former aide to Republican senator Marco Rubio, commented on the breach in a statement: “We have taken swift and decisive action to remedy the mistake and make all possible efforts to prevent this from happening again.”
“Out of an abundance of caution, we have temporarily suspended the chat service on the app while we implement new security protocols. We are also taking immediate steps to engage a leading, independent cybersecurity firm to pressure test the system to ensure it is secure against other vulnerabilities.”
Baptiste also clarified his motive in another tweet. “The goal is not to harm the app, so (sic) it worth to say that I deleted nothing, I will not share the code of this POC and I will not share the database. However, it’s worth a write up so I will try to write an article in the coming days.”
Emily Moreno and Donald Daters even thanked the hacker.
Trump-supporting daters will now have to wait patiently while the app is fixed and configurated before they can continue their search for moulding cheeto love.