A new mobile app described as the “Yelp for conservatives” is leaking user records and business reviews, according to a French security researcher. According to Baptiste Robert, a French security researcher who goes online under the pseudonym of Elliot Alderson (the name of the main character from the Mr. Robot TV show about hackers), the 63red Safe app is leaking almost all of its data.
For each profile, Robert said he was able to retrieve information such as username, email, avatar, follower count, following count, profile creation/update dates, a ban status, and something called a “hotscore.” of authentication, Robert said. This means that anyone can look at the app’s source code, get the API endpoints, and then extract data from the app’s server with no challenge or restriction.
The founder of 63red reacts: “We see this person’s illegal and failed attempts to access our database servers as a politically-motivated attack, and will be reporting it to the FBI later today.” As the kids say, LOL. (Tipped by JMG reader Mike)
Hello conservative friends,
Last time we discussed, I got access to the @DonaldDaters database in less than 5 minutes. Follow me in this thread and I will show you how I got access to the @63red database and obtained all the details of their users even quicker
— Elliot Alderson (@fs0c131y) March 12, 2019