An investigative journalist has disclosed large volumes of personal data taken from several white supremacist dating websites, after identifying basic security failures that allowed unrestricted access to user information. The exposure centres on WhiteDate, a dating platform marketed toward users seeking relationships based on racist and exclusionary beliefs, along with two closely linked sites, WhiteChild and WhiteDeal, which shared the same infrastructure and administrator.
The journalist, who uses the pseudonym Martha Root, said the sites were operated by a single individual based in Germany and were built using similar technical frameworks. According to the disclosure, the dating platforms stored user data in a way that allowed it to be downloaded without authentication. In one instance, modifying a publicly accessible web address enabled the retrieval of the entire user database without logging in or providing credentials.
The exposed material includes more than 8,000 user profiles and approximately 100 GB of data. Because the platforms functioned primarily as dating services, the profiles contained extensive personal and relationship-focused information. This included age, gender, location, marital status, education level, employment details, income range, physical characteristics, and stated preferences related to dating and family planning.
Many profiles on WhiteDate and the related sites also included photographs uploaded for matchmaking purposes. According to the journalist, these images retained embedded metadata that had not been removed by the platforms. The metadata included time stamps and precise location coordinates, which could be used to infer where users lived or where profile photos were taken.
The journalist said no advanced hacking techniques were required to access the data. The exposure resulted from an insecure configuration and the absence of basic access controls. Core functions used to manage dating profiles and user records were accessible without proper authorisation, allowing bulk downloads of information intended for a closed user community.
To examine how the dating platforms operated, the journalist created automated user accounts that were accepted with minimal verification. These accounts were able to browse profiles and interact with site features in the same way as regular users. The journalist said private messages exchanged between users were not released as part of the disclosure.
The collected data was shared with journalists and researchers through Distributed Denial of Secrets, which hosts datasets made available for public interest research. A separate project website created by the journalist visualised the geographic distribution of users based on location data found in profiles and image files.
The findings were presented at a cybersecurity conference in Germany, where the journalist outlined how WhiteDate and the related dating sites handled large volumes of sensitive personal data without standard safeguards. The presentation focused on the technical weaknesses of the platforms and how those weaknesses allowed unrestricted access to user information.
The journalist said the purpose of the work was to document how the dating websites functioned and to demonstrate the consequences of operating matchmaking services without basic security protections. The exposure shows how personal data shared for dating purposes on WhiteDate and related platforms became accessible beyond the sites’ intended audience due to fundamental design and security failures.