←back to thread

I hacked a dating app (and how not to treat a security researcher)

(alexschapiro.com)
560 points bearsyankees | 1 comments | 12 May 25 16:39 UTC | HN request time: 0.242s | source
Show context
michaelteter ◴[12 May 25 17:34 UTC] No.43965514[source]
Not excusing this is any way, but this app is apparently a fairly junior effort by university students. While it should make every effort to follow good security (and communication) practices, I'd not be too hard on them considering how some big VC funded "adult" companies behave when presented with similar challenges.

https://georgetownvoice.com/2025/04/06/georgetown-students-c...

replies(10): >>43965600 #>>43965723 #>>43965782 #>>43966035 #>>43966222 #>>43966281 #>>43966578 #>>43967558 #>>43968803 #>>43969670 #
voytec ◴[12 May 25 17:56 UTC] No.43965782[source]
I've also hit this link trying to get any info on "Cerca". It's from April 2025 and praises app created two months earlier. It looks like a LLM-hallucinated garbage. OP's entry mentions contacting Cerca team in February. So either this entry is about a flaw detected at launch date or some weird scheme.

Nonetheless: "two months old vulnerability" and "two months old students-made app/service".

replies(1): >>43965865 #
michaelteter ◴[12 May 25 18:03 UTC] No.43965865[source]
Ah that's a shame.

It's hard to tell these days what is real.

Linkedin shows 2024 founded, and 2-10 employees. And that same Linkedin page has a post which directly links to this blurb: https://www.readfeedme.com/p/three-college-seniors-solved-th...

The date of this article is May 2025, and it references an interview with the founders.

replies(1): >>43965886 #
1. bearsyankees ◴[12 May 25 18:06 UTC] No.43965886[source]
I think the date there is March 25