The app, which markets itself as an “American-based singles community connecting lovers, friends, and Trump supporters alike,” had more than 1,600 users when it launched on Monday, according to security researcher Elliot Alderson, who was reportedly able to download the entire user database.
Alderson shared his findings in a tweet, stating that the data he managed to gain access to included users’ names, profile pictures, device types, private messages and access tokens that can be used to log into their accounts.
Hi @FoxNews and @realDonaldTrump supporters,— Elliot Alderson (@fs0c131y) October 15, 2018
You should not use this app. In 5 minutes, I managed to get:
- the list of all the people registered
- personal messages
- token to steal their session
Thread ?? https://t.co/72KdNJTrmk
The Donald Daters app was founded by Emily Moreno—a former aide to Sen. Marco Rubio—who confirmed the leak on Tuesday.
“We have taken swift and decisive action to remedy the mistake and make all possible efforts to prevent this from happening again,” she said, according to TechCrunch. “Out of an abundance of caution, we have temporarily suspended the chat service on the app while we implement new security protocols. We are also taking immediate steps to engage a leading, independent cybersecurity firm to pressure test the system to ensure it is secure against other vulnerabilities.”