I hacked a dating app (and how not to treat a security researcher)

(alexschapiro.com)

561 points bearsyankees | 1 comments | 12 May 25 16:39 UTC | HN request time: 0.206s | source

Show context

michaelteter ◴[12 May 25 17:34 UTC] No.43965514[source]▶

Not excusing this is any way, but this app is apparently a fairly junior effort by university students. While it should make every effort to follow good security (and communication) practices, I'd not be too hard on them considering how some big VC funded "adult" companies behave when presented with similar challenges.

https://georgetownvoice.com/2025/04/06/georgetown-students-c...

replies(10): >>43965600 #>>43965723 #>>43965782 #>>43966035 #>>43966222 #>>43966281 #>>43966578 #>>43967558 #>>43968803 #>>43969670 #

genewitch ◴[12 May 25 17:50 UTC] No.43965723[source]▶

>>43965514 #

i have an idea, if you don't know anything about app security, don't make an app. "Whataboutism" not-withstanding, this actually made me feel a little ill, and your comment didn't help. I have younger friends that use dating sites and having their information exposed to whoever wants it is gross, and the people who made it should feel bad.

They should feel bad about not communicating with the "researcher" after the fact, too. If i had been blown off by a "company" after telling them everything was wide open to the world for the taking, the resulting "blog post" would not be so polite.

STOP. MAKING. APPS.

replies(5): >>43965917 #>>43966137 #>>43966193 #>>43967241 #>>43967547 #

1. imiric ◴[12 May 25 18:31 UTC] No.43966137[source]▶

>>43965723 #

You're shouting into the void. The people making this type of product have zero regard for their users' data, and best engineering or security practices. They're using AI to pump out a product as quickly as possible, and if it doesn't work (i.e. makes them money), they'll do it again with something else.

This can only be solved by regulation.

↑