I hacked a dating app (and how not to treat a security researcher)

I'm flagging this submission. Look at the author[0], at the "Georgetown students..." (won't backlink again) post linked below stating that Cerca was 2 months old in April, and OP's post from April stating that they hacked this thing two months earlier.

It's some self-promo or whatever scheme/scam bullshit.

[0] https://news.ycombinator.com/from?site=alexschapiro.com

Hi author here! Not exactly sure what you are talking about — I think I found this vulnerability pretty close to when the app first went public but not sure why that makes it a scam

And I posted this blog because I think people will find it interesting!

Happy to answer any other questions when I get back to my computer :)

(Also more info here: https://yaledailynews.com/blog/2025/04/24/yale-student-expos...)

Posting the same link 4 times in 18 days, by the author, certainly seems like self-promo, but somehow allowed? I don't see any URL manipulation, and it certainly took off today. (I found it interesting!)

A&B testing of post names seems to lead some useful information ;)

I don't see your reference to "Georgetown students..." in either the website link or the user's submissions? Was it modified?

Glad you found it interesting, yeah I was experimenting with different names and obviously this one was the best. Not trying to self-promo as I am not like selling any product but just thought people would enjoy the article! Sorry if I violated any of the unwritten HN norms... but glad people are reading it now and having interesting discussions

You definitely shouldn't do what you did here, gaming your submissions this way. You can post your own stuff, of course.