Found critical vulns in Petlibro smart pet feeders - $500 bounty
- Auth bypass
- hijack any device
- Private audio recordings exposed
They "fixed" it but left the old endpoint up for "legacy compatibility"
bobdahacker.com/blog/petlibro
#InfoSec #BugBounty #IoT #Security #Petlibro #CyberSecurity
Posts by BobDaHacker 🏳️‍⚧️ (she/her)
Found a verification bypass in Bandsintown - fixed
Used API endpoint to claim any unclaimed artist
Got full access to Rick Astley's 191k followers
Emails, names, push notifs
Could have rickrolled 191k people. I did not.
bobdahacker.com/blog/bandsin...
#InfoSec #BugBounty #Security #CyberSecurity
Found critical vulns in Taimi (LGBTQ+ dating app) - fixed, $10k bounty
- "Expiring" videos didn't expire
- Decrement ID = anyone's private videos
Taimi handled this right. Fast fix, proper bounty.
bobdahacker.com/blog/taimi-i...
#InfoSec #BugBounty #IDOR #Taimi #Security #CyberSecurity
Apparently tons of people registered accounts on tons of platforms with i@hate.you
Not knowing that .you would come to exist in 2025.
Lmfao
rate my Subdomain on my Domain
i.hate.you
#CyberSecurity #InfoSec #domains #subdomain #programming #ProgramerHumour #Privacy
Check DMs
Every day, I pray for a world where everyone is kind and respectful of each other, regardless of gender.
May unreasonable attacks against transgender people end 🏳️‍⚧️🏳️‍🌈
May today be filled with happiness and love for you all
Hacked every BellaBot & Pudu robot globally. Ignored emails until I told their biggest customers. Fixed in 48hrs after that.
Their response was ChatGPT with "[Your Email Address]" placeholder still in it
Full story: bobdahacker.com/blog/hacked-...
#robotics #security #cybersecurity #infosec
finally caved and added an RSS feed to my blog after everyone kept begging me in DMs
find it yourself at bobdahacker.com/blog
now stop asking me about it lol
#RSS #cybersecurity #blog #infosec #bugbounty #hacker
Bruh, that would be illegal. I'm not gonna do illegal things. Also McDonald's gave me nothing.
Hacked India's biggest dating app Flutrr (backed by Times of India). Every API endpoint is broken - I could read anyone's messages, swipe for them, change their profile. No auth checks anywhere.
bobdahacker.com/blog/indias-...
#cybersecurity #infosec #india #dating #vulnerability #bugbounty
Hacked South Park's Casa Bonita. Could access their entire POS system and see all customer payments/tips. No security contact anywhere
Fixed fast but never thanked me. Got a Founders Club card 6 months later though
bobdahacker.com/blog/i-hacke...
#SouthPark #infosec #hacking #cybersecurity
Found huge security flaws in McDonalds: crew members could access corporate sites, API keys exposed. Had to call HQ pretending to know people to report it
They fixed it but fired my friend who helped
bobdahacker.com/blog/mcdonal...
#McDonalds #hacking #cybersecurity #infosec #bugbounty
@lovense-official.bsky.social
Dan Liu's threat to pursue litigation against @bobdahacker.com is the most ignorant shit I've ever seen in my years of #dlp and #cybersecurity.
Plenty of proof of the #vuln, and the lack of response before public disclosure.
www.documentcloud.org/documents/26...
butt plug man it was fixed please retweet my latest post on bluesky and twitter thx butt plug man
Lovense finally fixed their email leak after public pressure
They said: 14 months
Reality: 2 days after going viral
11M+ users at risk for YEARS. Read the full deception: bobdahacker.com/blog/lovense...
#InfoSec #Privacy #CyberSecurity #BugBounty
shame on Lovense
x.com/radiantnmyhe...
More people are coming out against Lovense
I agree
PSA: Lovense products leak your email from just your username. Reported in March, still broken.
Worse: Another Vulnerability was "fixed" in 2023 but wasn't. Company lied to researchers for 2+ years.
Full breakdown: bobdahacker.com/blog/lovense...
#cybersecurity #infosec #bugbounty #privacy