On the day a new dating app for Trump supporters launched, it leaked the entire data base of its users, according a report from TechCrunch.
The app is called “Donald Daters” and aims to connect “lovers, friends, and Trump supporters alike.” When the app launched, it had over 1,600 users and was growing fast. But according to TechCrunch, researchers found vulnerabilities in the app that made it possible to download the entire user base.
Elliot Alderson, a French security researcher, shared the database with TechCrunch, which included users’ names, profile pictures, device type, their private messages — and access tokens, which can be used to take over accounts.
The data was accessible from a public and exposed Firebase data repository, which was hardcoded in the app. Shortly after TechCrunch contacted the app maker, the data was pulled offline.
According to the app’s website, “all your personal information is kept private.” Except, as it happens, when it’s not.
The exposed data included biographical details like names, profile photos, even tokens for logging into peoples’ accounts, giving access to private messages.
“This is super easy to replicate,” Baptiste Robert, the security researcher who discovered the issue told VICE.
VICE downloaded and tested the app, which they described as “clunky and seemingly barely functional.” They also found that not many people seemed to be using it.
“…I don’t see literally anybody on this app… What did I just pay for?” one user reportedly commented.
In true Trump fashion, personality questions on users’ profiles asks what makes them “triggered,” There are also reportedly numerous misspellings throughout the app. It reportedly only lets users look at 10 people before putting up a paywall that asks them to pay a $29.99 monthly fee.
Featured image via screen grab/Donald Daters