Between OkCupid, HER, and Grindr, there are online dating options for most people. There are even sites that cater exclusively to President Donald Trump supporters looking for love from fellow patriots in red caps.
These Trump-positive dating sites have been around for a while now, but their track record is less-than-enviable. The newest and latest of these sites to take a hit is DonaldDaters, which suffered a data leak on the day of its launch this week.
DonaldDaters yesterday was alerted to the fact that our third-party chat feature did not have proper security configuration, potentially allowing malicious actors to pose as users and engage other users through the chat feature. Full statement here: https://t.co/sL09e8S0ul— DonaldDaters (@DonaldDaters) October 16, 2018
A letter published Tuesday from Emily Moreno, CEO of DonaldDaters, informs users that “DonaldDaters yesterday was alerted to the fact that our third-party chat feature did not have proper security configuration, potentially allowing malicious actors to pose as users and engage other users through the chat feature.” It assures users that the DonaldDaters team is hard at work fixing the problem, but “at no point were emails, phone numbers, credit card information, or other fully identifiable information accessed.”
The letter also addresses the struggles of finding that perfect Republican to wed. “I started this app to provide a solution to so many young Trump supporters who have told me their dating horror stories,” Moreno’s letter reads. “For many of them, liberal intolerance has made meeting and dating nearly impossible. Support for the President has become a deal breaker instead of an icebreaker.”
Baptiste Robert, a security researcher, discovered the accessibility of user information. Robert told Motherboard he discovered that the app was “exposing user information in an open database,” after seeing a Fox News story and deciding to investigate.
Robert, whose goes by Elliot Alderson on Twitter, tweeted to Fox News and Trump supporters that they should not use the app. “In 5 minutes, I managed to get: the list of all the people registered, name, photo, personal messages (and) token to steal their session,” he wrote. He then shared a selection of profile pictures, the number of people registered with the app, and noted that he could view private conversations.
Hi @FoxNews and @realDonaldTrump supporters,— Elliot Alderson (@fs0c131y) October 15, 2018
You should not use this app. In 5 minutes, I managed to get:
- the list of all the people registered
- personal messages
- token to steal their session
Thread ⬇️ https://t.co/72KdNJTrmk
Currently there are 1607 users in the application and 128 rooms— Elliot Alderson (@fs0c131y) October 15, 2018
The longest conversation is a discussion between the devs of the app 😂— Elliot Alderson (@fs0c131y) October 15, 2018
He made a “small proof of concept to show how the database of the Donald Daters app is vulnerable.”
The goal is not to harm the app, so it worth to say that I deleted nothing , I will not share the code of this POC and I will not share the database.— Elliot Alderson (@fs0c131y) October 15, 2018
However, it's worth a write up so I will try to write an article in the coming days.
He even wrote an article for Medium about how he discovered the vulnerability.
The “American-based singles community connecting lovers, friends, and Trump supporters alike,” sports a simple heart in the style of the American flag as you enter the site. The description proclaims that “many on the Left chose party over love stopping any date if the other user is a supporter of our president,” before inviting you to join its just over 1,600 users and “Make America Date Again.”
These types of dating apps are apparently necessary, as the polarized political environment has reportedly made it more difficult for conservatives, in particular, to find love. A liberal group even launched an anti-Trump dating site earlier this year. But these pro-Trump sites have stalled recently: Trump.Dating, for instance, made the questionable decision to prominently display a man with a child sex conviction as the face of the site back in February, according to the A.V. Club.
Motherboard reports that the app wasn’t all that great, to begin with. It downloaded and tested the app and found it to be “clunky and seemingly barely functional.”
“Despite stating preferences as ‘looking for women in New York City,’ Motherboard was shown exclusively men who claimed to live in other parts of the country,” Motherboard wrote. “Personality questions on users’ profiles asks them what they are ‘triggered’ by, and numerous things throughout the app are misspelled or nonfunctional.”
Bad news for those searching the pro-Trump community for love, but never fear: TrumpSingles is hard at work “making dating great again,” and thus far no issues have been reported.
H/T A.V. Club