
560 points bearsyankees | 1 comments
michaelteter No.43965514
Not excusing this in any way, but this app is apparently a fairly junior effort by university students. While it should make every effort to follow good security (and communication) practices, I'd not be too hard on them considering how some big VC-funded "adult" companies behave when presented with similar challenges.

https://georgetownvoice.com/2025/04/06/georgetown-students-c...

genewitch No.43965723
I have an idea, if you don't know anything about app security, don't make an app. "Whataboutism" notwithstanding, this actually made me feel a little ill, and your comment didn't help. I have younger friends that use dating sites and having their information exposed to whoever wants it is gross, and the people who made it should feel bad.

They should feel bad about not communicating with the "researcher" after the fact, too. If I had been blown off by a "company" after telling them everything was wide open to the world for the taking, the resulting "blog post" would not be so polite.

STOP. MAKING. APPS.

1. yibg No.43967241
End of the day it's an ROI analysis (using the term loosely here, more of a gut feel). What are the costs and benefits of making an app more secure vs pushing out an insecure version faster? Unfortunately in today's business and funding climate, the latter has better payoff (for most things anyways).

Until the balance of incentives changes, I don't see any meaningful change in behavior unfortunately.