A newly launched app called Cancel the Hate—purportedly designed to let people submit information on critics of conservative figure Charlie Kirk—ended up leaking personal data of its own users through glaring security flaws. Cybersecurity researchers, including one known as “BobDaHacker,” showed that even when users activated privacy settings, their email addresses and phone numbers were exposed, and in some cases accounts could be deleted by outsiders. The app, which pushed users to turn in names, employers, and contact details of those deemed “supporting political violence,” suspended operations shortly after the vulnerabilities were revealed. Its founder, Jason Sheppard, has scrubbed social media presence and the app’s site now says it’s moving to a “new service provider,” though the shop page for a $23 T-shirt is still live.
Sources: CyberNews, Economic Times
Key Takeaways
– Platforms built around exposing others carry inherent risks: in this case, Cancel the Hate ironically exposed its own users instead of targeted critics.
– Basic security oversights—e.g. broken privacy settings, default public email inclusion—can turn tools meant for political or ideological ends into liabilities.
– Political or ideologically charged tech ventures may move quickly, but often cut corners on vetting, security audit, or accountability, making them unstable once scrutiny arrives.
In-Depth
The story of Cancel the Hate is a cautionary tale about how political fervor and digital tools can collide disastrously when technical safeguards are neglected. The app was launched in the wake of Charlie Kirk’s assassination, ostensibly to allow users to submit complaints about critics or those deemed to support political violence. The platform encouraged users to provide names, employer information, contact details, and other “intel” about public figures or private citizens who had expressed negative views of Kirk. Though it claimed to allow anonymity or privacy, that promise turned out to be hollow.
A security researcher calling themselves “BobDaHacker” demonstrated to Straight Arrow News and others that the app’s privacy protections did not work as intended. Even with privacy toggles active, users’ email addresses and phone numbers remained exposed. Worse, the researcher found they could delete accounts at will—meaning the system’s access controls were fundamentally broken. In tests done by journalists, leaked samples from 142 users—including a dummy account set up by the news outlet—confirmed the breach.
Once the leak came to light, Cancel the Hate suspended its reporting features and posted a vague message indicating it was moving to a different service provider. But the site remains online in parts—the T-shirt store is still active, suggesting that the commercial aspects were less vulnerable (or prioritized). Meanwhile, its founder, Jason Sheppard, deleted associated social media accounts and has not engaged publicly to explain or defend the app. Some users have reported receiving suspicious donation solicitations after signing up, fueling speculation that the project may have been at least partly exploitative or opportunistic.
At its core, the downfall of Cancel the Hate reflects deeper risks in digital projects built on naming and shaming. When the aim is to expose others, the platform must itself be airtight. This incident shows how rushed patriotic or ideological initiatives often neglect security and accountability layers. Users entrusting their data to such systems—especially in controversial or politically charged contexts—should demand rigorous privacy audits, open code reviews, and clear governance. Otherwise, those very systems can turn against the people who put faith in them, as has happened here.