🔓 Found critical vulns in Taimi (LGBTQ+ dating app) - fixed, $10k bounty
- "Expiring" videos didn't expire
- Decrement ID = anyone's private videos
Taimi handled this right. Fast fix, proper bounty.
bobdahacker.com/blog/taimi-i...
#InfoSec #BugBounty #IDOR #Taimi #Security #CyberSecurity
finally caved and added an RSS feed to my blog after everyone kept begging me in DMs 😤
find it yourself at bobdahacker.com/blog
now stop asking me about it lol
#RSS #cybersecurity #blog #infosec #bugbounty #hacker
Hacked every BellaBot & Pudu robot globally. Ignored emails until I told their biggest customers. Fixed in 48hrs after that.
Their response was ChatGPT with "[Your Email Address]" placeholder still in it 😭
Full story: bobdahacker.com/blog/hacked-...
#robotics #security #cybersecurity #infosec
🎵 Found a verification bypass in Bandsintown - fixed
Used API endpoint to claim any unclaimed artist
Got full access to Rick Astley's 191k followers
Emails, names, push notifs
Could have rickrolled 191k people. I did not.
bobdahacker.com/blog/bandsin...
#InfoSec #BugBounty #Security #CyberSecurity
Apparently tons of people registered accounts on tons of platforms with [email protected]
Not knowing that .you would come to exist in 2025.
Lmfao
🐱 Found critical vulns in Petlibro smart pet feeders - $500 bounty
- Auth bypass
- hijack any device
- Private audio recordings exposed
They "fixed" it but left the old endpoint up for "legacy compatibility"
bobdahacker.com/blog/petlibro
#InfoSec #BugBounty #IoT #Security #Petlibro #CyberSecurity
How I found a verification bypass in Bandsintown that let anyone claim unclaimed artist pages with a single API call - including Rick Astley's 191k followers, their emails, and the ability to send pus...
Critical vulnerabilities in Pudu Robotics allowed unauthorized control of every Pudu Robotics Robot worldwide. They ignored emails until I contacted Skylark Holdings and Zensho about their compromised...
How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - an...
Every day, I pray for a world where everyone is kind and respectful of each other, regardless of gender.
May unreasonable attacks against transgender people end 🏳️‍⚧️🏳️‍🌈
May today be filled with happiness and love for you all🤍
rate my Subdomain on my Domain
i.hate.you
#CyberSecurity #InfoSec #domains #subdomain #programming #ProgramerHumour #Privacy
Hacked India's biggest dating app Flutrr (backed by Times of India). Every API endpoint is broken - I could read anyone's messages, swipe for them, change their profile. No auth checks anywhere.
bobdahacker.com/blog/indias-...
#cybersecurity #infosec #india #dating #vulnerability #bugbounty
⚽ I Could've Rickrolled the Entire FIFA World Cup. All I Needed Was My ID.
Registered on FIFA's public Agent Platform, accessed RTMP stream keys for every live World Cup 2026 camera feed. An attacker could've replaced live TV worldwide.
bobdahacker.com/blog/fifa-hack
#InfoSec #FIFA #WorldCup
i hate you so much that i made this just for you ❤️
i.hate.you
Flutrr, India's biggest dating app backed by The Times of India, has critical security flaws allowing anyone to access all user data, send messages as anyone, and control any account. They've known si...
How I found that anyone could register on FIFA's public Agent Platform, gain access to the Football Data Platform's Streaming Management panel, and get RTMP ingest URLs and stream keys for every live ...