[BreachExchange] Donald Daters, a dating app for Trump supporters, leaked its users’ data

Destry Winant destry at riskbasedsecurity.com
Mon Oct 15 23:46:22 EDT 2018


A new dating app for Trump supporters that wants to “make America date
again” has leaked its entire database of users — on the day of its

The app, called “Donald Daters,” is aimed at “American-based singles
community connecting lovers, friends, and Trump supporters alike” and
has already received rave reviews and coverage in Fox News, Daily Mail
and The Hill.

On its launch day alone, the app had a little over 1,600 users and counting.

We know because a security researcher found issues with the app that
made it possible to download the entire user database.

Elliot Alderson, a French security researcher, shared the database
with TechCrunch, which included users’ names, profile pictures, device
type, their private messages — and access tokens, which can be used to
take over accounts.

The data was accessible from a public and exposed Firebase data
repository, which was hardcoded in the app. Shortly after TechCrunch
contacted the app maker, the data was pulled offline.

We reached out to Emily Moreno, the app’s founder and a former aide to
Sen. Marco Rubio; she did not comment.

According to the app’s website, “all your personal information is kept
private.” Except, as it happens, when it’s not.

More information about the BreachExchange mailing list