
BobDaHacker 🏳️‍⚧️ (she/her)

@bobdahacker.com

Can we hack it?? Yes we can!!! 😎😎😎 Hey I'm BobDaHacker an ethical hacker 🤓 Thx 4 coming to my ted talk https://bobdahacker.com

Joined 29.07.2025

Latest posts by BobDaHacker 🏳️‍⚧️ (she/her) @bobdahacker.com

Petlibro: Your Pet Feeder Is Feeding Data To Anyone Who Asks How I found critical vulnerabilities in Petlibro smart pet feeders allowing complete account takeover via broken OAuth, access to anyone's pet data, device hijacking, and private audio recordings - an...

🐱 Found critical vulns in Petlibro smart pet feeders - $500 bounty

-Auth bypass
-hijack any device
-Private audio recordings exposed

They "fixed" it but left the old endpoint up for "legacy compatibility"

bobdahacker.com/blog/petlibro

#InfoSec #BugBounty #IoT #Security #Petlibro #CyberSecurity

27.12.2025 14:05 👍 4 🔁 1 💬 0 📌 0
Bandsintown: How I Almost Rickrolled 191k People How I found a verification bypass in Bandsintown that let anyone claim unclaimed artist pages with a single API call - including Rick Astley's 191k followers, their emails, and the ability to send pus...

🎵 Found a verification bypass in Bandsintown - fixed

Used API endpoint to claim any unclaimed artist
Got full access to Rick Astley's 191k followers
Emails, names, push notifs

Could have rickrolled 191k people. I did not.
bobdahacker.com/blog/bandsin...
#InfoSec #BugBounty #Security #CyberSecurity

26.12.2025 06:10 👍 0 🔁 0 💬 0 📌 0
Taimi: Finding Everyone's Private Photos Was Easy, But So Was Getting Paid How I found critical IDOR vulnerabilities in Taimi that exposed

🔓 Found critical vulns in Taimi (LGBTQ+ dating app) - fixed, $10k bounty

- "Expiring" videos didn't expire
- Decrement ID = anyone's private videos

Taimi handled this right. Fast fix, proper bounty.

bobdahacker.com/blog/taimi-i...

#InfoSec #BugBounty #IDOR #Taimi #Security #CyberSecurity

26.12.2025 05:18 👍 2 🔁 1 💬 0 📌 0

Apparently tons of people registered accounts on tons of platforms with i@hate.you

Not knowing that .you would come to exist in 2025.

Lmfao

24.10.2025 11:12 👍 1 🔁 1 💬 0 📌 0
i hate you i hate you so much that i made this just for you ❤️

rate my Subdomain on my Domain

i.hate.you

#CyberSecurity #InfoSec #domains #subdomain #programming #ProgramerHumour #Privacy

24.10.2025 11:11 👍 6 🔁 0 💬 1 📌 0

Check dms 🎃

05.10.2025 02:08 👍 1 🔁 0 💬 0 📌 0

Every day, I pray for a world where everyone is kind and respectful of each other, regardless of gender.

May unreasonable attacks against transgender people end🏳️‍⚧️🏳️‍🌈

May today be filled with happiness and love for you all🤍

24.09.2025 10:51 👍 10805 🔁 3054 💬 116 📌 83
I Hacked BellaBot and Every Robot from China's Biggest Robotics Company (Pudu Only Fixed It When I Told Their Clients) Critical vulnerabilities in Pudu Robotics allowed unauthorized control of every Pudu Robotics Robot worldwide. They ignored emails until I contacted Skylark Holdings and Zensho about their compromised...

Hacked every BellaBot & Pudu robot globally. Ignored emails until I told their biggest customers. Fixed in 48hrs after that.

Their response was ChatGPT with "[Your Email Address]" placeholder still in it 😭

Full story: bobdahacker.com/blog/hacked-...

#robotics #security #cybersecurity #infosec

29.08.2025 12:33 👍 6 🔁 2 💬 2 📌 0
Blog | BobDaHacker Security research, vulnerability disclosures, and tech thoughts

finally caved and added an RSS feed to my blog after everyone kept begging me in DMs 😤

find it yourself at bobdahacker.com/blog
now stop asking me about it lol

#RSS #cybersecurity #blog #infosec #bugbounty #hacker

25.08.2025 02:30 👍 3 🔁 0 💬 0 📌 0

Bruh, that would be illegal. I'm not gonna do illegal things. Also McDonald's gave me nothing.

23.08.2025 12:15 👍 0 🔁 0 💬 0 📌 0
How I Hacked India's Biggest Dating App (They Offered Me a $100 Gift Card) Flutrr, India's biggest dating app backed by The Times of India, has critical security flaws allowing anyone to access all user data, send messages as anyone, and control any account. They've known si...

Hacked India's biggest dating app Flutrr (backed by Times of India). Every API endpoint is broken - I could read anyone's messages, swipe for them, change their profile. No auth checks anywhere.

bobdahacker.com/blog/indias-...

#cybersecurity #infosec #india #dating #vulnerability #bugbounty

19.08.2025 22:25 👍 3 🔁 1 💬 1 📌 0
When South Park's Restaurant Had Worse Security Than Cartman's Password How I found critical security vulnerabilities in Matt Stone and Trey Parker's Casa Bonita restaurant, exposing customer data, payment info, and their entire POS system - plus how I accidentally got a ...

Hacked South Park's Casa Bonita. Could access their entire POS system and see all customer payments/tips. No security contact anywhere 😬

Fixed fast but never thanked me. Got a Founders Club card 6 months later though 😂

bobdahacker.com/blog/i-hacke...

#SouthPark #infosec #hacking #cybersecurity

18.08.2025 04:55 👍 5 🔁 1 💬 1 📌 0
How I Hacked McDonald's (Their Security Contact Was Harder to Find Than Their Secret Sauce Recipe) How I found critical security vulnerabilities in McDonald's systems affecting millions of employees, and had to cold-call their HQ pretending to know security staff just to report them.

Found huge security flaws in McDonalds: crew members could access corporate sites, API keys exposed. Had to call HQ pretending to know people to report it 🤦

They fixed it but fired my friend who helped

bobdahacker.com/blog/mcdonal...

#McDonalds #hacking #cybersecurity #infosec #bugbounty

18.08.2025 04:54 👍 10 🔁 2 💬 3 📌 0
Lovense Dan Liu response

@lovense-official.bsky.social
Dan Liu's threat to pursue litigation against @bobdahacker.com is the most ignorant shit I've ever seen in my years of #dlp and #cybersecurity.

Plenty of proof of the #vuln, and the lack of response before public disclosure.

www.documentcloud.org/documents/26...

01.08.2025 15:17 👍 1 🔁 1 💬 1 📌 0
BobDaHacker (@bobdahacker@infosec.exchange) Found critical vulns in Lovense (the biggest sex toy company) affecting 11M+ users. They ignored researchers for 2+ years, then fixed in 2 days after public exposure. 🤦 What I found: - Email disclosu...

If anyone has mastodon, please boost and favorite this

infosec.exchange/@bobdahacker...

31.07.2025 11:31 👍 0 🔁 0 💬 0 📌 0

butt plug man it was fixed please retweet my latest post on bluesky and twitter thx butt plug man

30.07.2025 14:03 👍 0 🔁 0 💬 0 📌 0

butt plug man it was fixed please retweet my latest post on bluesky and twitter thx butt plug man

30.07.2025 14:02 👍 0 🔁 0 💬 0 📌 0
Lovense: The Company That Lies to Security Researchers How Lovense has ignored the same critical vulnerabilities for 2+ years, lied about fixes, and manipulated bounty payouts while leaving 10s of millions of users exposed.

🚨 Lovense finally fixed their email leak after public pressure

They said: 14 months
Reality: 2 days after going viral

11M+ users at risk for YEARS. Read the full deception: bobdahacker.com/blog/lovense...

#InfoSec #Privacy #CyberSecurity #BugBounty

30.07.2025 13:45 👍 6 🔁 4 💬 1 📌 1

shame on Lovense

29.07.2025 20:16 👍 0 🔁 0 💬 0 📌 0

x.com/radiantnmyhe...

More people are coming out against Lovense

29.07.2025 17:29 👍 5 🔁 0 💬 0 📌 1

I agree

29.07.2025 16:57 👍 2 🔁 0 💬 0 📌 0
Lovense: The Company That Lies to Security Researchers How Lovense has ignored the same critical vulnerabilities for 2+ years, lied about fixes, and manipulated bounty payouts while leaving 10s of millions of users exposed.

PSA: Lovense products leak your email from just your username. Reported in March, still broken.

Worse: Another Vulnerability was "fixed" in 2023 but wasn't. Company lied to researchers for 2+ years.

Full breakdown: bobdahacker.com/blog/lovense...

#cybersecurity #infosec #bugbounty #privacy

29.07.2025 11:05 👍 95 🔁 58 💬 3 📌 3