Security researcher reveals grotesque vulnerabilities in "Yelp-for-MAGA" app and its snowflake owner calls in the FBI

63Red Safe is an app affiliated with 63red, a far-right news site, that is a sort of Green Book for racists, identifying restaurants and other establishments that will serve people sporting MAGA hats and other modern Klan-hood-alikes without calling them out on their overt racist symbology.

63Red Safe's developers made a string of amateurish, catastrophic errors in designing the app, leaving plaintext passwords and logins in plain sight and failing to authenticate the API, which allowed attackers to spoof any user, as well as retrieving sensitive user information about every user on the service.

The defects were revealed in French security researcher Elliot Alderson's Twitter thread.

In response, 63Red's owner, Scott Wallace, downplayed the seriousness of the defects in his product and announced in classic internet tough guy style that he had notified the FBI.

63Red Safe is an app for far-right snowflakes who can't bear to be challenged on their political beliefs. It catalogs business establishments where pistols can be openly carried, where customers are not mocked or questioned for wearing far-right and neofascist garb, and whose owners do not talk about politics in ads and social media.

Wallace's response was not magnanimous: "No lost passwords, no breach of database, no data changed, minor problem fixed. We're angry by the attempt, FBI notified," Wallace posted to Twitter, along with a link to a Medium post in which he stated:

We see this person's illegal and failed attempts to access our database servers as a politically motivated attack, and will be reporting it to the FBI later today.