
Trump-Themed Dating App Found Leaking Users' Private Chats


According to a French security researcher, the Donald Daters app launched with a major security flaw: the database that stores all the user information is exposed on the open internet.
A dating app for President Donald Trump supporters is apparently leaking its users' data, including private messages.
The app is called Donald Daters and it launched on Monday with the goal of helping conservative-leaning singles connect. "You can message each other privately right inside of the app," the website for it claims.
But according to a French security researcher, the app launched with a major security flaw: the database that stores all the user information is exposed on the open internet.
"You should not use this app," tweeted the researcher, who goes by the name Elliot Alderson. By accessing the database, he was able to collect profile data, including names, photos, personal messages, and the digital access tokens to log into their accounts. He even claims to have the ability to delete the app’s data.
To prove his point, he tweeted snapshots of the private messages he pulled from the database, in addition to user profile data. PCMag had a chance to examine a log taken from the database, and it did appear to show chats from actual users over the platform along with their profile pics.
I made a small proof of concept to show how the database of the Donald Daters app is vulnerable. With this POC I can:
- see all private messages
- see all user info
- delete what I want: a message, a user, the whole database,…
pic.twitter.com/7doErhzYdY
The developers of Donald Daters did not immediately respond to a request for comment. But Alderson told PCMag the app’s database was simply misconfigured, which should make the problem easy to fix.
Fortunately, the app just launched, so there probably isn’t a large number of sensitive messages to leak. But aside from the exposed database, the Donald Daters app also appears to be buggy. PCMag tried it and noticed it took several tries to register a profile account. At one point, the app also displayed a warning saying the database had "reached its peak connections limit."
