Donald Daters, a dating app for Trump supporters, leaked its users’ data

[Destry Winant <destry () riskbasedsecurity com>]

https://techcrunch.com/2018/10/15/donald-daters-a-dating-app-for-trump-supporters-leaked-its-users-data/

A new dating app for Trump supporters that wants to “make America date
again” has leaked its entire database of users — on the day of its
launch.

The app, called “Donald Daters,” is aimed at “American-based singles
community connecting lovers, friends, and Trump supporters alike” and
has already received rave reviews and coverage in Fox News, Daily Mail
and The Hill.

On its launch day alone, the app had a little over 1,600 users and counting.

We know because a security researcher found issues with the app that
made it possible to download the entire user database.

Elliot Alderson, a French security researcher, shared the database
with TechCrunch, which included users’ names, profile pictures, device
type, their private messages — and access tokens, which can be used to
take over accounts.

The data was accessible from a public and exposed Firebase data
repository, which was hardcoded in the app. Shortly after TechCrunch
contacted the app maker, the data was pulled offline.

We reached out to Emily Moreno, the app’s founder and a former aide to
Sen. Marco Rubio; she did not comment.

According to the app’s website, “all your personal information is kept
private.” Except, as it happens, when it’s not.
_______________________________________________
BreachExchange mailing list sponsored by Risk Based Security
BreachExchange () lists riskbasedsecurity com

If you wish to Edit your membership or Unsubscribe you can do so at the following link:
https://lists.riskbasedsecurity.com/listinfo/breachexchange