“Cancel the Hate” app leaked user data
Categories: Cybersecurity, Data Breach, Data Breaches, Data Privacy, Data Safety, Digital Footprint, Privacy Guides, Social Media
What is this app?
“Cancel the Hate” was an app tied to a website that invited people to submit reports about individuals accused of criticizing activist Charlie Kirk. According to Straight Arrow News, it launched shortly after the Sept. 10 shooting of Kirk and asked users to provide names, locations, and employers of alleged offenders. The site stated that it sought “transparency” and discouraged harassment.
What was exposed
A flaw in the companion social-style app allowed personal data about its users to be accessed. According to Straight Arrow News, email addresses and phone numbers could be retrieved, and emails were placed in profile bios by default in a way many users may not have realized. The outlet reports the data could be exposed even when privacy settings were turned on.
An Economic Times summary of the incident also notes that email addresses and phone numbers were exposed as part of the same vulnerability.
How the issue was discovered
A security researcher using the handle “BobDaHacker” said that they found the flaw, provided a sample dataset of 142 users, and demonstrated that the weakness could even be used to delete user accounts. The newsroom says it verified the issue by creating and losing access to a test account.
What happened next
SAN says it contacted the project through its website but did not receive a response. Hours later, the page hosting the app was taken offline while the outlet continued to review the copy it had obtained. A user reached by the newsroom confirmed they had downloaded the app and reported receiving a surge of donation emails afterward.
Economic Times adds that the app went offline after the reports and that the founder’s social profiles, along with those tied to the project, were later deleted without public explanation.
Who is behind the project
Conservative activist Jason Sheppard was identified as the founder and cites his claim that the project received more than 38,000 reports within the first 30 hours. SAN also quotes language about using the app to “organize and focus on outing” targets.
The report reiterates the leak details and the subsequent removal of the app, mirroring the account above.
Why this matters
Incidents like this show how easily personal data can be exposed when new platforms collect information and move quickly. Users who believed their details would remain private found that their email addresses and phone numbers were still retrievable due to how profiles and privacy controls were configured. That gap can lead to spam, harassment, or account takeover attempts if attackers reuse leaked contact details across services.
What you can do now
- Review what you shared. If you created an account for the app, consider changing any passwords reused elsewhere and watch for suspicious emails or texts. At least one user has reported receiving unexpected donation requests after signing up. The same happened with the Tea app earlier this year.
- Use unique passwords and a password manager like Bitwarden. Reused credentials raise the risk of compromise when emails or phone numbers leak.
- Turn on two-factor authentication everywhere you can. A one-time code can limit access even if an attacker learns your password.
- Treat “privacy” toggles in new apps with caution. Until they are tested, assume profile fields might be visible or accessible through unintended paths.
- Reduce the public clues that connect accounts to you. The less data about you that is easy to find, the lower the potential impact when a new service fails.
How Redact can help
You cannot control how every app handles data, but you can control your public footprint. Redact helps you remove old posts, comments, likes, and messages across major platforms in bulk. You can filter by keyword or date, preview before deleting, and schedule recurring cleanups. A smaller, quieter footprint gives attackers and scrapers less to collect, which reduces the fallout if a new platform mishandles your information.
Redact supports dozens of other major social and productivity platforms. You can try it free for deletions on Discord, Twitter, Facebook, and Reddit.
