I hacked a dating app (and how not to treat a security researcher)
a year ago
- #privacy
- #vulnerability
- #security
- The Cerca dating app had severe security vulnerabilities that exposed users' private messages, passport information, and sexual preferences.
- The vulnerabilities included broken OTP authentication and open API endpoints, allowing unauthorized access to user data.
- A security researcher responsibly disclosed the issues to Cerca, but the company failed to respond or notify users despite patching the vulnerabilities.
- Exploits enabled access to over 6,000 user profiles, including sensitive ID documents and personal details.
- The lack of basic security measures could lead to identity theft, stalking, and blackmail, highlighting the need for better security practices in apps that handle this kind of data.