A dating app geared towards connecting supporters of U.S. President Donald Trump exposed members’ personal and account information.
On 15 October, security researcher Baptiste Robert (who also goes by the name “Elliot Alderson”) discovered security weaknesses in the Donald Daters dating app that exposed several pieces of users’ information.
You should not use this app. In 5 minutes, I managed to get:
– the list of all the people registered
– personal messages
– token to steal their session
Thread ⬇️ https://t.co/72KdNJTrmk
— Elliot Alderson (@fs0c131y) October 15, 2018
Alderson directed Motherboard to a misconfigured database containing members’ data. Motherboard then verified some of the issues by creating an account with the app, searching for users exposed by the database, finding them through the service and confirming that their profile photos and names matched up. Motherboard was unable to confirm whether the issues actually exposed users’ personal messages, and for legal reasons it didn’t attempt to steal access to members’ sessions.
The security researcher announced the security weaknesses after Fox News published a story on Donald Daters. The app, which uses the tagline “Make America Data Again,” claims to send 25 matches to users every day. It also reassures members that their personal information will be kept safe.
“All your personal information is kept private,” the app states. “We encourage safe online dating so please be sure not to share any private information on your profile before vetting anyone you may be interested in meeting in our community.”
Donald Daters did not immediately respond to Motherboard’s request for comment.
Given the vulnerabilities found in this dating app, users should take certain precautions when signing up for a dating service. One of the most important things (Read more...)
*** This is a Security Bloggers Network syndicated blog from The State of Security authored by David Bisson. Read the original post at: https://www.tripwire.com/state-of-security/security-data-protection/dating-app-for-trump-supporters-exposed-members-information/