Every day, I pray for a world where everyone is kind and respectful of each other, regardless of gender.
May unreasonable attacks against transgender people end 🏳️‍⚧️🏳️‍🌈
May today be filled with happiness and love for you all
Found a verification bypass in Bandsintown - fixed
Used API endpoint to claim any unclaimed artist
Got full access to Rick Astley's 191k followers
Emails, names, push notifs
Could have rickrolled 191k people. I did not.
bobdahacker.com/blog/bandsin...
#InfoSec #BugBounty #Security #CyberSecurity
BobDaHacker 🏳️‍⚧️ (she/her)
How I found a verification bypass in Bandsintown that let anyone claim unclaimed artist pages with a single API call - including Rick Astley's 191k followers, their emails, and the ability to send pus...
Hacked every BellaBot & Pudu robot globally. Ignored emails until I told their biggest customers. Fixed in 48hrs after that.
Their response was ChatGPT with "[Your Email Address]" placeholder still in it
Full story: bobdahacker.com/blog/hacked-...
#robotics #security #cybersecurity #infosec
Apparently tons of people registered accounts on tons of platforms with [email protected]
Not knowing that .you would come to exist in 2025.
Lmfao
⚽ I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
Registered on FIFA's public Agent Platform, accessed RTMP stream keys for every live World Cup 2026 camera feed. An attacker could've replaced live TV worldwide.
bobdahacker.com/blog/fifa-hack
#InfoSec #FIFA #WorldCup
Chiitanπγ‘γγγβ
Found critical vulns in Taimi (LGBTQ+ dating app) - fixed, $10k bounty
- "Expiring" videos didn't expire
- Decrement ID = anyone's private videos
Taimi handled this right. Fast fix, proper bounty.
bobdahacker.com/blog/taimi-i...
#InfoSec #BugBounty #IDOR #Taimi #Security #CyberSecurity
Found critical vulns in Petlibro smart pet feeders - $500 bounty
- Auth bypass
- hijack any device
- Private audio recordings exposed
They "fixed" it but left the old endpoint up for "legacy compatibility"
bobdahacker.com/blog/petlibro
#InfoSec #BugBounty #IoT #Security #Petlibro #CyberSecurity
finally caved and added an RSS feed to my blog after everyone kept begging me in DMs
find it yourself at bobdahacker.com/blog
now stop asking me about it lol
#RSS #cybersecurity #blog #infosec #bugbounty #hacker
Hacked India's biggest dating app Flutrr (backed by Times of India). Every API endpoint is broken - I could read anyone's messages, swipe for them, change their profile. No auth checks anywhere.
bobdahacker.com/blog/indias-...
#cybersecurity #infosec #india #dating #vulnerability #bugbounty
rate my Subdomain on my Domain
i.hate.you
#CyberSecurity #InfoSec #domains #subdomain #programming #ProgramerHumour #Privacy
Critical vulnerabilities in Pudu Robotics allowed unauthorized control of every Pudu Robotics Robot worldwide. They ignored emails until I contacted Skylark Holdings and Zensho about their compromised...
How I found that anyone could register on FIFA's public Agent Platform, gain access to the Football Data Platform's Streaming Management panel, and get RTMP ingest URLs and stream keys for every live ...
How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - an...
Flutrr, India's biggest dating app backed by The Times of India, has critical security flaws allowing anyone to access all user data, send messages as anyone, and control any account. They've known si...