Supporters of President Trump who want to date like-minded individuals had Emily Moreno, a former aide to Sen. Marco Rubio, to thank for creating the Donald Dater app, but their gratitude might have fallen flat after their information was leaked on the day the app was launched.
According to Time, Monero confirmed the leak was discovered on October 15, 2018, by security researcher Elliot Alderson, who was able to download the entire database, which included the personal information of more than 1,600 users.
Information on users who were seeking to “Make America Date Again,” included users’ names, profile pictures, device types, private messages and access tokens that can be used to log into their accounts, Alderson said in a tweet. The researcher also detailed how he found the database in a post on Medium.
“This is just the tip of the iceberg,” said Aaron Lint, chief scientist at Arxan. “We all know that applications are weak spots in corporate infrastructure because of the lack of true ownership for app security. Again, we see evidence of how the software itself betrays the back end. When critical data passes through your app, it can be trivially exfiltrated by attackers. Leaving the application unprotected is leaving the data in transit unprotected.”
Leaked data is not the only risk posed to users of dating apps and websites, and the Donald Dater app is not the only dating site to make headlines this week. Breaking news from Barclays reported by the BBC this morning found that an online dating site scam cost victims £2,000. Barclays reportedly found that thousands of people are losing thousands of pounds from online dating scams.
“It’s not surprising to hear dating scams are costing people dearly. We previously found that 38% of people openly share their email address in their dating profiles and 7% of people even share their passwords with people via dating sites,” said Raj Samani, chief scientist and fellow at McAfee.
“Sharing this personal information puts people directly in the firing line for hackers and scammers wanting to cash in on the online dating phenomenon. We urge dating site users to keep sensitive data such as email addresses, full names and phone numbers private. And those looking for love online need to make sure the apps they’re using are protected with strong, secure passwords to further avoid the security risks of online dating.”