I hacked a dating app (and how not to treat a security researcher)


Startups Need to Take Security Seriously

During our conversation, the Cerca team acknowledged the seriousness of these issues, expressed gratitude for the responsible disclosure, and assured me they would promptly address the vulnerabilities and inform affected users. This endpoint takes a valid user ID and returns all sorts of personal information (including the phone numbers necessary for total account takeover, thanks to the OTP vulnerability). Considering that I’m just a college student looking at this casually, it’s entirely possible other critical vulnerabilities may exist (though complete account takeover sets a pretty high bar).
