Dating App AceApp More Security Threats To Users Safety Than Imaginable

This ace app dating site social network review started in January, with one issue we asked them to fix. The issue was that all the users' locations, real names, and real pictures were being leaked. We originally thought this app only had 10 percent of all known asexuals, but thanks to the AceApp social network's leak we discovered they had over 46 thousand asexuals of the 100 thousand that are publicly known by AVEN.

AceApp publicly acknowledged it as a feature 6 months after we contacted them, when their competitor wrote about it, so we released the below video of said feature.

We are now concerned that the owner claims the app is secure when it has what appears to be a SQL injection, and also has many other issues that are just as bad when it comes to users' safety. The last two updates said they included privacy updates, but the only privacy improvement was removing the feature for finding out users' info. Originally the issue was only a 24 hour log of who was online last, where they lived, and their real name and username along with their profile image. They then attempted to fix it, but instead made it worse by making it possible to expose everyone's location, name and profile picture. We contacted them privately about making the issue they were claiming to be a feature worse, so they removed it.

Unfortunately for the LGBT+ community, you don't need a feature or hack to see their private info, since AceApp still uses something insecure called HTTP. That means your government, your family, or that weirdo in the coffee shop can see the messages and private information you send on AceApp when using Wi-Fi. Using 4G or 3G will not stop your government, or those who understand how to see 4G and 3G traffic, from seeing it. The way to fix this security issue is to change to HTTPS.

AceApp announced in our comments that they're 100 percent secure and there wasn't an issue, right after emailing us saying there was an issue. In the effort for transparency as a reporter we immediately published the email in full, typos from a mobile phone and all. They say this while knowing there appears to be a SQL injection, which means it is a feature, not to mention the myriad of other security holes. We are leaving the majority of our updates intact to show you the painstaking hard work we have gone through and that we acknowledge it isn't close to over.

AceApp has around 50 thousand users according to their now closed feature. That is 50 percent of the known asexual community. A failure in their security affects us all, and thus we must treat it and their handling of security as an attack on the safety of those who are asexual, as governments may look unfavorably at this. Nonetheless, we cannot change who we are or how we identify.

Although we got them to stop telling the world when any user logged on, which took six months, our work is far from over and this article will continue to be updated for the public.

We also got them to make it so all the profile images can no longer be seen from the browser and downloaded via a browser scraper. Other avenues of attack may still exist. That’s the positive news, sadly.

One of the avenues of attack, as we discussed above, is HTTP. AceApp has replied claiming that it was fixed in the June 4th update, except for their terms and privacy pages. Sadly, that isn't accurate.

Google's Chrome browser warns you when a site is not secure, even if they put https, and this is what you get when you go to

aceapp is not secure according to Chrome browser due to a 548 day old expired certificate.

What is positive is that they also claim they moved the images to a more secure system. We have not independently verified this and will be looking closely into their claim.

If you accept those currently known issues as acceptable risks, we aren’t going to say not to use the social network, as we have warned you.

Now we are going to show you how aceapp looked recently, which they called a feature.

As we addressed above, they publicly called this a feature on May 26th after wrote about our research, so we released the above video titled "Feature or vulnerability?" along with their response.

We were absolutely thrilled over a small victory on June 6th when the 24 hour log went to only a few people at a time, which looked like this.

The more secure feature of exposing everyone’s information.

Unfortunately, we discovered that this improvement had a new issue: we could now type numbers in where it said id and cycle through 1 to over 100 thousand, or until the database gave us everything, into the log. When we put in a random id, which is simply a series of numbers, like 19968, it would then show that user as just logged in. If we did that for every user, the log would display every user as logged in and disclose all their information.
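The root cause described above, a client-supplied id deciding whose record the endpoint touches and returns, is modelled below beside a corrected version. This is an added example, not AceApp's code or anything from the original post; the handler names, field names, session table and 15-minute window are assumptions, and the sample users are constructed.

```python
import time

# Constructed sample data; field names and tokens are assumptions.
USERS = {
    19968: {"username": "ace_sample1", "real_name": "Sample One", "city": "Exampleville"},
    19969: {"username": "ace_sample2", "real_name": "Sample Two", "city": "Testburg"},
    19970: {"username": "ace_sample3", "real_name": "Sample Three", "city": "Mockton"},
}
SESSIONS = {"token-for-19968": 19968}  # session token -> authenticated user id
PUBLIC_FIELDS = ("username",)          # all an "active now" list needs to show
WINDOW_SECONDS = 15 * 60               # assumed definition of "active now"


def active_now_vulnerable(params, last_seen, now=None):
    """The pattern described above: the caller names the user with ?id=N."""
    now = time.time() if now is None else now
    uid = int(params.get("id", 0))
    if uid in USERS:
        last_seen[uid] = now  # any id supplied is marked as just logged in
    # Every logged row goes back with the full profile, no session required.
    return [dict(USERS[u], id=u) for u in sorted(last_seen)]


def active_now_hardened(params, token, last_seen, now=None):
    """Identity comes from the session; the client-supplied id is ignored."""
    now = time.time() if now is None else now
    uid = SESSIONS.get(token)
    if uid is None:
        raise PermissionError("authentication required")
    last_seen[uid] = now  # only the caller's own presence can be updated
    recent = [u for u, seen in sorted(last_seen.items())
              if now - seen <= WINDOW_SECONDS]
    # Real name and location never leave the server for this view.
    return [{f: USERS[u][f] for f in PUBLIC_FIELDS} for u in recent]


if __name__ == "__main__":
    log = {}
    for n in (19968, 19969, 19970):
        leaked = active_now_vulnerable({"id": str(n)}, log)
    print(len(leaked), "full profiles returned by the vulnerable handler")
    log = {}
    print(active_now_hardened({"id": "19970"}, "token-for-19968", log))
```

The hardened handler closes both halves of the bug: a request can no longer change another user's "last seen" state, and the response carries only the fields the view needs.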

Since it is pride month, we wrote to them to report the issue, only to have them admit there was a problem, but then come and comment on here a few minutes later that there was never a problem.

Since we had been reporting on this we published the email correspondence for complete transparency. The below email exchange has only been fixed for typos.

Subject: Re: New exploit in aceapp unpublished

From: ACEapp Help
Date: Today 02:27

Hi Ryan, We truly appreciate your concern about the data breach on ACEapp. We want to inform you that all the data on ACEapp is completely safe and only authorized users can request and view the data. The only issue was with the getActiveNow where anyone can see data of all the online users at a particular time. We have fixed the issue already. Now no one can request any data outside the application without proper authorization. 
Thanks. Let us know if you still find any such issue. 
On Wed, Jun 10, 2020 at 11:07 AM <> wrote:

  We tried contacting you before we went public with the 24 hour log of users. Let's put aside what appears to be a SQL injection and a way to download all the users' profile pictures, among a few other public bugs. In honor of pride month we are informing you of a worse issue you just implemented, I hope by accident. The getActiveNow.php file can now expose not just a 24 hour log; we can download the entire database of every user's real name, username, location, state, country, province, city and personal profile image.

  It is a simple bug to solve, you just provide a number 1, 2, 3, all the way up to a million or until the database runs out of info. If we can help with an issue that is getting worse, not better, then we need to team up.


Was I in the AceApp breach?

update 3/8/2020

It is quite possible. Since at one point every user could be exposed, it's possible they downloaded every single image of every single user, along with the username, name, and location that you provided.

What is asexual?

Asexual is part of LGBTQIA, and while this article previously said the A in LGBTQIA has dual meanings and while that is technically accurate, @asexuality the Twitter for, the leading information hub on asexuality says it erases asexuals. In light of this and someone who provided valuable feedback who goes by @dirtyunclekevin, we’ve amended this to reflect the community.

Asexual is a spectrum of people who have no interest in sex or romance to those who date through identity based relationships. Some have sex usually to please their partners, but if you want an extremely detailed guide go to

What have you done to protect users identities?

We did not publicly link to the API. We provided this information only to journalists who simply needed to verify the breach of users' privacy, until AceApp deemed it a feature.

600 thoughts on “Dating App AceApp More Security Threats To Users Safety Than Imaginable”

  1. Hi, everyone,

    We truly appreciate your concern about the data breach on ACEapp.

    We want to inform you that all the data on ACEapp is completely safe and only authorized users can request and view the data. We recently launched our new update on 4th June in which we have used a new database and a secure environment. All the confidential data like password, email, authentication tokens are secured using SHA-2 cryptographic hash functions.
    No one can read any data outside the application without any proper authentication. All the previous REST APIs are no longer functional.


    Let us know if you still find any such issue.

    1. This isn’t accurate. You’re still using http, which means anyone on the same network as you or your government can see your messages, etc. If it is illegal in a country to be asexual, then you’re risking the lives of your users. I know many countries are anti-LGBTQIA

      1. Hi wefightforsecurity team,
        On ACEapp we are using HTTPS not HTTP. We were using HTTP before our 4th JUNE update. In the recent changes, we have moved our application to HTTPS. All our REST API services are deployed on highly secure cloud engines.
        In our current version of ACEapp, we are only keeping our Terms and Condition, Privacy Policy to HTTP which are plain HTML pages and do not contain any information specific to users. These are the URLs:
        Apart from it all the APIs and images are moved to HTTPS. Images of users are moved to highly secure Cloud Bucket.

        Let us know if you still find any such issue.
        We are open for conversation.
