A dating app geared towards connecting supporters of U.S. President Donald Trump exposed members’ personal and account information.
On 15 October, security researcher Baptiste Robert (who also goes by the name “Elliot Alderson”) discovered security weaknesses in the Donald Daters dating app that exposed several pieces of users’ information.
Hi @FoxNews and @realDonaldTrump supporters,
You should not use this app. In 5 minutes, I managed to get:
– the list of all the people registered
– personal messages
– token to steal their session
Thread ⬇️ https://t.co/72KdNJTrmk
— Elliot Alderson (@fs0c131y) October 15, 2018
Alderson directed Motherboard to a misconfigured database containing members’ data. Motherboard then verified some of the issues by creating an account with the app, searching for users exposed by the database, finding them through the service and confirming that their profile photos and names matched. Motherboard was unable to confirm whether the issues actually exposed users’ personal messages, and for legal reasons it didn’t attempt to steal access to members’ sessions.
The security researcher announced the security weaknesses after Fox News published a story on Donald Daters. The app, which uses the tagline “Make America Date Again,” claims to send 25 matches to users every day. It also reassures members that their personal information will be kept safe.
“All your personal information is kept private,” the app states. “We encourage safe online dating so please be sure not to share any private information on your profile before vetting anyone you may be interested in meeting in our community.”
Donald Daters did not immediately respond to Motherboard’s request for comment.
Given the vulnerabilities found in this dating app, users should take certain precautions when signing up for a dating service. One of the most important things they can do to protect themselves is to share as little personal information as possible with the app and to never divulge their details via in-app messaging, email or text. They should also be on the lookout for matches who ask them to hand over their banking information or send money.