Hailed as the ‘Tinder for Trump supporters’, the Donald Daters app may open up a world of love for American Republicans and right-wing voters.
The app’s creators describe it as an “American-based singles community connecting lovers, friends and Trump supporters alike,” and while this sounds absolutely…fantastic, sadly the launch has been an abject failure.
Shortly after launch on Monday, the app leaked the personal information of more than 1,600 users. A security researcher by the name of Elliot Alderson broke the news on Twitter and outlined how he was able to download the entire user database.
Donald Daters App
Sharing his findings, Alderson said that he was able to gain access to users’ names, profile pictures, device types and even private messages.
Additionally, the French security researcher said he was able to hijack access tokens, which can then be used to take over users’ accounts.
In a blog post on Medium, Alderson said: “Naaaaah… Seriously…!? They kept the development settings for their database. Their database is accessible by everyone… Now, I’m able to view all the user info (name, avatar, id, platform, notification), use their token, see all the private messages…”
Alderson also shared a proof of concept video on Twitter, which can be found below.
I made a small proof of concept to show how the database of the Donald Daters app is vulnerable. With this POC I can:
– see all private messages
– see all user info
– delete what I want: a message, a user, the whole database, … pic.twitter.com/7doErhzYdY
— Elliot Alderson (@fs0c131y) October 15, 2018
Make America Date Again
The Donald Daters app was founded by Emily Moreno, a former aide to US Senator Marco Rubio. While the aim of this app may have been an honest attempt to bring together potential love matches and ‘Make America Date Again’, once again users have been put at risk due to lacklustre security measures.
According to Alderson, the data was accessed through an exposed, public Firebase data repository. Alderson said the repository was hardcoded in the app.
Moreno confirmed the leak on Tuesday, stating: “We have taken swift and decisive action to remedy the mistake and make all possible efforts to prevent this from happening again.”
Moreno confirmed that the app's chat feature had been temporarily suspended and that new security protocols were being introduced.
“We are also taking immediate steps to engage a leading, independent cybersecurity firm to pressure test the system to ensure it is secure against other vulnerabilities,” she added.
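For teams shipping a Firebase-backed app, the "development settings" problem described above can be caught before release by linting the database rules file. The following is an added example, not code from the app or from Alderson's write-up; it assumes the Firebase Realtime Database rules JSON format (the article only says "Firebase data repository"), and the sample rules, paths and function names are constructed for illustration.

```python
import json

# Constructed sample: wide-open development-style rules (not the app's real file).
DEV_RULES = json.loads('{"rules": {".read": true, ".write": true}}')

# Constructed sample: deny by default, per-user access only (paths are hypothetical).
OWNER = "auth != null && auth.uid === $uid"
LOCKED_RULES = {"rules": {
    ".read": False, ".write": False,
    "users": {"$uid": {".read": OWNER, ".write": OWNER}},
    "messages": {"$uid": {".read": OWNER, ".write": OWNER}},
}}

def classify(expr):
    """Classify one .read/.write value as 'public', 'no-auth' or None (acceptable)."""
    text = str(expr).strip().lower() if isinstance(expr, (bool, str)) else ""
    if text == "true":
        return "public"       # anyone on the internet, no login needed
    if text == "false":
        return None
    if isinstance(expr, str) and "auth" not in expr:
        return "no-auth"      # condition never looks at the caller's identity
    return None

def find_open_paths(node, path="/", inherited=frozenset()):
    """Walk the rules tree and return (path, operation, kind) findings.

    Realtime Database grants cascade: once a parent allows an operation, a
    child rule cannot revoke it, so only the shallowest open path is reported.
    """
    findings, granted = [], set(inherited)
    for op in (".read", ".write"):
        if op in node and op not in inherited:
            kind = classify(node[op])
            if kind:
                findings.append((path, op, kind))
            if kind == "public":
                granted.add(op)
    for key, child in node.items():
        if isinstance(child, dict) and not key.startswith("."):
            child_path = path.rstrip("/") + "/" + key
            findings += find_open_paths(child, child_path, frozenset(granted))
    return findings

def audit(rules_doc):
    return find_open_paths(rules_doc.get("rules", {}))

if __name__ == "__main__":
    for name, doc in (("dev", DEV_RULES), ("locked", LOCKED_RULES)):
        print(name, audit(doc) or "no open paths")
```

Run in CI against the rules file that will actually be deployed, failing the build on any finding.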