🐱 Found critical vulns in Petlibro smart pet feeders - $500 bounty

-Auth bypass
-hijack any device
-Private audio recordings exposed

They "fixed" it but left the old endpoint up for "legacy compatibility"

bobdahacker.com/blog/petlibro

#InfoSec #BugBounty #IoT #Security #Petlibro #CyberSecurity

🎵 Found a verification bypass in Bandsintown - fixed

Used API endpoint to claim any unclaimed artist
Got full access to Rick Astley's 191k followers
Emails, names, push notifs

Could have rickrolled 191k people. I did not.
bobdahacker.com/blog/bandsin...
#InfoSec #BugBounty #Security #CyberSecurity

🔓 Found critical vulns in Taimi (LGBTQ+ dating app) - fixed, $10k bounty

- "Expiring" videos didn't expire
- Decrement ID = anyone's private videos

Taimi handled this right. Fast fix, proper bounty.

bobdahacker.com/blog/taimi-i...

#InfoSec #BugBounty #IDOR #Taimi #Security #CyberSecurity

rate my Subdomain on my Domain

i.hate.you

#CyberSecurity #InfoSec #domains #subdomain #programming #ProgramerHumour #Privacy

Every day, I pray for a world where everyone is kind and respectful of each other, regardless of gender.

May unreasonable attacks against transgender people end🏳️‍⚧️🏳️‍🌈

May today be filled with happiness and love for you all🤍

Hacked every BellaBot & Pudu robot globally. Ignored emails until I told their biggest customers. Fixed in 48hrs after that.

Their response was ChatGPT with "[Your Email Address]" placeholder still in it 😭

Full story: bobdahacker.com/blog/hacked-...

#robotics #security #cybersecurity #infosec

finally caved and added an RSS feed to my blog after everyone kept begging me in DMs 😤

find it yourself at bobdahacker.com/blog
now stop asking me about it lol

#RSS #cybersecurity #blog #infosec #bugbounty #hacker

Hacked India's biggest dating app Flutrr (backed by Times of India). Every API endpoint is broken - I could read anyone's messages, swipe for them, change their profile. No auth checks anywhere.

bobdahacker.com/blog/indias-...

#cybersecurity #infosec #india #dating #vulnerability #bugbounty

Hacked South Park's Casa Bonita. Could access their entire POS system and see all customer payments/tips. No security contact anywhere 😬

Fixed fast but never thanked me. Got a Founders Club card 6 months later though 😂

bobdahacker.com/blog/i-hacke...

#SouthPark #infosec #hacking #cybersecurity

Found huge security flaws in McDonalds: crew members could access corporate sites, API keys exposed. Had to call HQ pretending to know people to report it 🤦

They fixed it but fired my friend who helped

bobdahacker.com/blog/mcdonal...

#McDonalds #hacking #cybersecurity #infosec #bugbounty

@lovense-official.bsky.social
Dan Liu's threat to pursue litigation against @bobdahacker.com is the most ignorant shit I've even seen in my years of #dlp and #cybersecurity.

Plenty of proof of the #vuln, and the lack of response before public disclosure.

www.documentcloud.org/documents/26...

🚨 Lovense finally fixed their email leak after public pressure

They said: 14 months
Reality: 2 days after going viral

11M+ users at risk for YEARS. Read the full deception: bobdahacker.com/blog/lovense...

#InfoSec #Privacy #CyberSecurity #BugBounty

PSA: Lovense products leak your email from just your username. Reported in March, still broken.

Worse: Another Vulnerability was "fixed" in 2023 but wasn't. Company lied to researchers for 2+ years.

Full breakdown: bobdahacker.com/blog/lovense...

#cybersecurity #infosec #bugbounty #privacy