Site navigation

Donald Daters App Leaks User Data Hours After Launch

Ross Kelly

,

Donald Daters app

Are you a Trump supporter looking for love? Donald Daters may have been the app for you…until a data leak occurred hours after launch. 

Hailed as the ‘Tinder for Trump supporters’, the Donald Daters app may open up a world of love for American Republicans and right-wing voters.

The app’s creators describe it as an “American-based singles community connecting lovers, friends and Trump supporters alike,” and while this sounds absolutely…fantastic, sadly the launch has been an abject failure.

Shortly after launch on Monday, the app leaked the personal information of more than 1,600 users. A security researcher by the name Elliot Alderson broke the news on Twitter and outlined how he was able to download the entire user database.

Donald Daters App

Sharing his findings, Alderson said that he was able to gain access to users’ names, profile pictures, device types and even private messages.

Additionally, the French security researcher said he was able to hijack access tokens, which can then be used to take over users’ accounts.

In a blog post on Medium, Alderson said: “Naaaaah… Seriously…!? They kept the development settings for their database. Their database is accessible by everyone… Now, I’m able to view all the user info (name, avatar, id, platform, notification), use their token, see all the private messages…”

Alderson also shared a proof of concept video on Twitter, which can be found below.

 

Make America Date Again

The Donald Daters app was founded by Emily Moreno, a former aide to US Senator, Marco Rubio. While the aim of this app may have been an honest attempt to bring together potential love matches and ‘Make America Date Again’, once again users have been put at risk due to lacklustre security measures.

According to Alderson, the data was accessed through an exposed, public Firebase data repository. Alderson said the repository was hardcoded in the app.

Moreno confirmed the leak on Tuesday, stating: “We have taken swift and decisive action to remedy the mistake and make all possible efforts to prevent this from happening again.”

Moreno confirmed the app had temporarily suspended the chat feature on the app and that new security protocols were being introduced.

“We are also taking immediate steps to engage a leading, independent cybersecurity firm to pressure test the system to ensure it is secure against other vulnerabilities,” she added.

https://www.digitexpo.uk/

Ross Kelly

Staff Writer

Latest News

%d bloggers like this: