An online dating application for Apple and Android phones launched on Monday and was almost immediately hit by cyber attackers. One security researcher even discovered private information for every user exposed in a publicly available database.
The app — DonaldDaters — was launched by company CEO Emily Moreno in an effort to improve the experience of online dating for supporters of US President Donald Trump, who hold very low popularity rates in many urban areas where dating apps like Tinder and Bumble have revolutionized the romantic scene for young people.
For example, in late June, news articles across the web highlighted the tribulations of young Trump staffers looking for a night out in the nation’s majority-liberal capital.
“We started this app to provide a solution to so many Trump supporters who have told me their dating horror stories,” Moreno told the conservative DC newspaper the Washington Examiner, adding that “for many of them, liberal intolerance has made meeting and dating nearly impossible. Support for the president has become a deal breaker instead of an icebreaker.”
But even in such an online safe space, users of DonaldDaters were outed by the same app they had put their faith into in their quest to find love — or whatever else one may find through a dating app.
According to Moreno, the app was the subject of a “brute force” attack within five hours of launching, which the Examiner claims was conducted by “the left’s hackers.”
“Our servers experienced unusual traffic volumes that saturated our network due to so-called ‘brute force’ attacks. We withstood the attacks, which were clearly designed to try to overwhelm the servers so our users could not access them,” Moreno said.
What she is likely describing is called a Distributed Denial of Service (DDoS) attack, which is a fairly elementary form of cyber attack characterized by coordinated use of a web server with the aim of overloading it with large amounts of traffic. In other words, hackers weren’t necessarily involved in the “brute force” attack on the DonaldDaters servers.
Meanwhile, the more than 1,600 people who signed up for the app on launch day had their information leaked. French cybersecurity researcher Elliot Alderson discovered that a database was available for download that included users’ names, pictures, the types of phones they use, their private messages and tools which can be used to take control of their accounts.
“The app is out only for a few hours so there is only 1607 users and 128 matches. Funny thing, the longest discussion, 62 messages, is between the devs of the app,” Alderson wrote in a blog post. “I’m a nice hacker, but adding this small line ‘myRef.setValue(“”)’ would have erased their entire database,” he said.
DonaldDaters tweeted Tuesday morning that they had fixed the security vulnerability and thanked Alderson for “ensuring users are protected.”
Meanwhile, an alert at the top of the app’s website links to a message from Moreno to the app’s users.
The developers were apparently forced to shut down the exchange of messages through the app “while we implement new security protocols,” the letter said. “We have taken swift and decisive action to remedy the mistake and make all possible efforts to prevent this from happening again.”
Reviews on the Google App store don’t reflect much better on the company. With 33 ratings, the app has just three out of five stars.
“Not only is this app incredibly buggy, to the point of being in alpha, it steals money. You do a transaction, you get a Google Play receipt, the funds disappear from your bank, and the app gives you an error saying that there was an error and no funds were charged when they clearly were!” one reviewer said, giving one star.
Another review, which gave three stars but had 39 other people respond to its criticism with a “thumbs up,” said it’s “kinda silly that you can’t interact or see your matches unless you pay the monthly fee. You’re a new app, you don’t have many selections yet. I’m not gonna pay $30 a month to scroll through the same 5 guys who don’t even live in my state.”
Several of the 17 people who have reviewed the app have complained of receiving endless error messages, to the point where the app is unusable.
Sourse: sputniknews.com