Skip to content
Naked Security Naked Security

Donald Daters app for pro-Trump singles exposes users’ data at launch

A security researcher found a publicly exposed Firebase data repository that was hardcoded in the dating app.

Donald Daters, a new dating app that promises to “make dating great again” has instead leaked its users’ data.
On its first day.
The app, available on Apple and Android, went live on Monday morning and Fox News reported that Donald Daters is “open to everyone.” Unfortunately, Donald Daters turned out to be open in ways you really don’t want your app to be.
After Fox’s report was widely picked up by other media outlets, French security researcher Baptiste Robert – who also goes by the Mr. Robot-inspired handle Elliot Alderson – discovered that the app was exposing user information in an open database, including biographical details such as user names and profile photos. It was also exposing what could have been tokens for session IDs that would allow attackers to log into peoples’ accounts and private messages.
Don’t use this app, Robert told Trump supporters:


Motherboard reports that the exposed database included alleged private messages between accounts. It wasn’t able to confirm their veracity, given that users can only send messages for free to one another after a Tinder-style match or if they pony up the monthly $29.99 fee (a one-year subscription costs $9.99/month). Motherboard didn’t check out the potential login tokens because doing so would be legally problematic.

Robert told Motherboard that the issue is “super easy to replicate.”
Robert said that he could get at the data thanks to a publicly exposed Firebase data repository that was hardcoded in the dating app. TechCrunch reports that soon after it contacted the app maker, the data was pulled offline.
Donald Daters was founded by Emily Moreno, a former aide to Senator Marco Rubio. She sent out this statement confirming the exposure on Tuesday:

We have taken swift and decisive action to remedy the mistake and make all possible efforts to prevent this from happening again. Out of an abundance of caution, we have temporarily suspended the chat service on the app while we implement new security protocols. We are also taking immediate steps to engage a leading, independent cybersecurity firm to pressure test the system to ensure it is secure against other vulnerabilities.

Now read this

Donald Daters isn’t the only app for the love-lorn to suffer privacy issues:


5 Comments

Sounds like a app that was designed to do just what the researcher found. To expose closet Trumpers.

The response is perfect. they’re admitting the fault and took immediate action including taking down the service. However the website isnt even using ssl? That should be fixed too. Immediately.

Comments are closed.

Subscribe to get the latest updates in your inbox.
Which categories are you interested in?