User data of Donald Daters app for Trump supporters leak out
MANILA, Philippines – A security researcher found issues with a newly-launched dating app marketed toward Donald Trump supporters, allowing one to grab data, photos, and messages of registered users within a short amount of time.
The dating application, called Donald Daters, had a large enough security issue to allow researcher Robert Baptiste, whom Vice said goes by the handle Elliot Alderson on Twitter, to find the following:
- The list of all the people registered
- Personal messages
- Tokens to steal their session
Hi @FoxNews and @realDonaldTrump supporters,— Elliot Alderson (@fs0c131y) October 15, 2018
You should not use this app. In 5 minutes, I managed to get:
- the list of all the people registered
- personal messages
- token to steal their session
The researcher said there were 1,607 users at the time of his access, with 128 "rooms" – discussions between users – tallied. These included discussions involving developers.
A TechCrunch report said the data was accessible from a public and exposed Firebase data repository. This repository was hardcoded in the app, and was taken offline after the app maker was informed of the issue.
As of posting, Donald Daters has not released a statement on the issue. – Rappler.com