"Make America Date Again,” the website for the dating app Donald Daters reads. The app is marketed towards Donald Trump supporters who may want to find like-minded people. On Monday, Fox News reported that “users can chat for free when a match is mutual, block any potential liberals that troll them and Donald Daters is open to everyone.”The app is open in more ways than one. Fox’s report got picked up by various media outlets around the country. Shortly thereafter, a security researcher discovered the app is exposing user information in an open database, including biographical details such as names and profile photos, but also potentially tokens for logging into peoples’ accounts and private messages.
“This is super easy to replicate,” Baptiste Robert, the security researcher who discovered the issue, and who also goes by the handle Elliot Alderson, told Motherboard in an online chat.
Alderson pointed Motherboard to the apparently misconfigured database which contains the Donald Daters user information. To verify the data did come from Donald Daters, Motherboard created an account on the app, searched for users mentioned in the exposed data, found them through the app itself, and confirmed the profile photos and names matched up.
Although the exposed database also includes alleged private messages between accounts, Motherboard was unable to confirm their veracity: users can only send messages for free to one another after a Tinder-style match, or if the user pays a monthly fee (one month costs $29.99; a year subscription costs $9.99/month). Motherboard also did not attempt to use the potential login tokens for legal reasons.
From all appearances, not many people are using this app. One message even reads “Yes, but I don’t see literally anybody on this app… What did I just pay for?”
Motherboard downloaded and tested the app, which, as far as dating apps go, is clunky and seemingly barely functional. Despite stating preferences as “looking for women in New York City,” Motherboard was shown exclusively men who claimed to live in other parts of the country. The app allows users to post publicly as well, and there appeared to only be a few posts. Personality questions on users’ profiles ask them what they are “triggered” by, and numerous things throughout the app are misspelled or nonfunctional. The app also only lets users look at 10 people before locking them out and asking them to pay the $29.99 monthly fee. Motherboard cannot rule out that this is a not-so-elaborate scheme to own Republicans.
In a frequently asked questions section, Donald Daters’ website reads “All your personal information is kept private. We encourage safe online dating so please be sure not to share any private information on your profile before vetting anyone you may be interested in meeting in our community.”
In a statement, Donald Daters CEO Emily Moreno said “We have taken swift and decisive action to remedy the mistake and make all possible efforts to prevent this from happening again. Out of an abundance of caution, we have temporarily suspended the chat service on the app while we implement new security protocols.”
Update: This piece has been updated to include comment from Donald Daters.
Got a tip? You can contact Joseph Cox securely on Signal on +44 20 8133 5190, OTR chat on email@example.com, or email firstname.lastname@example.org. You can contact Jason Koebler on Signal on +1 347 513 3688 or email email@example.com.