Cyberstalkers are crowdsourcing danger to victims’ doorsteps with dating apps

After visits from more than 1,000 strangers, a victim asked Grindr for help over 50 times. A judge agreed with the app’s decision to ignore his requests.

Alfred Ng Senior Reporter / CNET News
Alfred Ng was a senior reporter for CNET News. He was raised in Brooklyn and previously worked on the New York Daily News's social media and breaking news teams.
Alfred Ng
9 min read
Getty Images

Editors' note: This story contains sexually explicit language

For months, Danny Cords didn't know who was trying to ruin his life.

He was recently divorced, living in Seattle. The night he settled on the terms of the split, in March 2017, he started getting random texts from strange numbers. Hundreds of messages and calls came in between midnight and 3 a.m., most of them nonsense.

"She's your daughter," one message would say. Another one said, "ready to die??????????"

While they were terrifying, he assumed they were sent by bots. So Cords just tried to ignore them. Then it got worse. He started getting flooded with texts and calls from real people.

Strangers across the country would send him messages, saying things like: "Just text me back I'd love to explore with you," and "Where in Seattle are you i want to cum fuck."

He didn't know where these sexually explicit requests were coming from until a friend found a fake profile with his name, photo and phone number on Scruff, a gay dating app with more than 10 million users.

"Super turned on by sext's and pics," the fake profile's bio read, "Prefer text. Don't message me here."

Dating apps have changed how we view online romance, allowing people to connect from a swipe on their phones . It's commonplace now -- more than 90 percent of the US' 54 million singles have tried online dating.

But as convenient as technology has made online dating, it's also done the same for online harassment.  Stalkers are able to track their victims' every move, exploit social media to spread revenge porn, and use tools like virtual private networks to mask their identities.

For Cords, it turned his phone into a source of constant harassment.

"It's a terrifying ghost in your pocket, in every way," Cords said. "You live and die by your phone. You can turn it off, but when you turn it back on, it's rendered useless by the thousands of messages on it."

Cords' example is one of many cases across the US -- the Department of Justice prosecuted 16 last year -- in which stalkers use dating websites and apps to abuse their victims, often leading to threats at their doorsteps. These fake profiles often invite strangers to sexually assault them in real life, under the premise that the intended victims welcome it. These fraudulent profiles project a fantasy about being raped and wanting to be surprised.

"The overwhelming majority of our domestic violence cases involve some type of technological abuse," said Sadie Diaz, a senior staff attorney for Sanctuary for Families.

Stalking victims say that dating apps and services have done little to prevent this abuse. They often plead with companies to delete the fake accounts and block the stalker from creating more.

They've found that the services were either slow to respond, or in some cases, didn't respond at all.

Carrie Goldberg, an attorney in New York who specializes in cyberstalking and internet abuse cases, is representing a victim suing Grindr for ignoring more than 50 pleas to delete impersonating profiles.

"If you're hellbent on someone's destruction, you're going to be resourceful about it. But our dating apps and tech companies don't need to make it easier," Goldberg said.

The victims also found that local law enforcement often lacks the expertise and resources to handle cyberstalking cases, making it much harder to find help.

Without a formal verification process, it's also easy for cyberstalkers to make fraudulent profiles on dating services. It means that victims don't just have to worry about their stalkers showing up -- but thousands of strangers, too.  

'Nobody would do anything'

When Cords tried turning to local police for help, he showed the officer a death threat from his stalker, with an IP address connected to it. The officer, he recalled, asked him, "What's an IP?"

Even after getting a text from a spoofed number saying, "this is to confirm the removal of your intestines by any means necessary," police didn't take a report and only told Cords, "good luck," he said.

Even after Cords figured out who his stalker was -- a friend who lived with his ex-husband after their divorce -- the police didn't want to take action.

"Nobody would take a report, nobody would do anything," Cords said. "It was terrifying."


There were multiple fake profiles pretending to be Danny Cords, listing his phone number. One profile tried to end his career, claiming he was a pedophile while Cords worked with foster children.

Danny Cords

Cords' story isn't unique. Cybercrime attorneys have found that local law enforcement don't have the resources to handle digital investigations, making it difficult for stalking victims to find justice unless it catches national attention.

The FBI encourages people to report cybercrimes to the Internet Crime Complaint Center, but it doesn't have a category for cyberstalking. The closest is "Harassment/Threats of Violence."

"When incidents of cyberstalking are reported to the FBI, we work in close coordination with prosecutors and local law enforcement to triage the threat, determine whether it constitutes a violation of federal law, and investigate accordingly," an FBI spokeswoman said.

While the FBI received 16,974 complaints in 2018, the Justice Department prosecuted 16 cyberstalking cases that year.

Often the onus is on the victim to take action, from hiring a lawyer to sending cease-and-desist letters and compiling their own evidence. That's usually when law enforcement or a company begins to take you seriously.

After multiple lawyers in Washington rejected his case, Cords said he couldn't find justice until he hired Goldberg's law firm to represent him.

Ultimately, Cords' stalker, Joel Kurzynski, was sentenced to more than two years in prison for his attacks.

But Cords recalled how he felt before he was caught.

"I was so angry, and yet, so hopeless. I thought, 'this is my reality now,'" he said. "It felt like there was no way to get rid of it."

Tech failures

Matthew Herrick, of New York, wasn't aware there were multiple fake profiles of him on Grindr. Then one day in October 2016, someone showed up at his apartment expecting sex. It was the first of many.

His ex-boyfriend had created the profiles after the two broke up, and was courting strangers to come harass him in real life, his lawyers said. These accounts had names like "Raw Pig Bottom" and "Gang Bang Now," with a geolocation on the profile directing strangers to Herrick's home.

Over the next five months, about 1,100 strangers came to find Herrick, at his home and at the restaurant where he worked. On one occasion, six men arrived in the span of four minutes. One Grindr user was so angry about being turned away that he attacked Herrick's roommate, according to court documents.


Matthew Herrick's stalker, an ex-boyfriend, created multiple fake profiles and had more than 1,000 strangers harass Herrick at his home. 

Court documents

Herrick's harassment was widely reported by outlets like Wired, TMZ, BuzzFeed News and the New York Post, and he's still in the middle of a lawsuit with Grindr, with Goldberg representing him. Police arrested his ex-boyfriend as the stalker in 2017, but he still hasn't faced trial.   

Herrick asked more than 50 times for Grindr to delete fake profiles of him on the gay dating app.

In court, Grindr argued that it didn't have the technical capabilities to stop stalkers from mass-creating fake profiles.

"Grindr is committed to creating a safe and secure environment to help our community connect and thrive, and any fraudulent account is a clear violation of our terms of service," the company said in a statement.

Herrick's attorneys have argued that Grindr is failing its 6 million users with its lack of response.

"Grindr did nothing at all. That's not a responsible business. There needs to be safety provisions with these apps," said Tor Ekeland, another lawyer representing Herrick.

Cords ran into the same obstacles when he attempted to report fake profiles that his stalker created.

"We don't have to live in this trauma. We can make it better." Cords said. "One person can destroy worlds."

Technical support

For Ryan Lin, getting strangers to show up to his ex-roommate's home was on the same level as getting to "level 48" in World of Warcraft.

The 25-year-old computer programmer created several fake profiles in which he posted the former roommate's full name, address, workplace and phone numbers, along with photos he had stolen.

One imposter profile wrote: "I want to be surprised. If you have time tonight cover over to (address), DONT RESPOND, just come over. SURPRISE ME"

On May 24, 2017, three men showed up unannounced at her home. Prosecutors said she feared for her life. Lin's attorney declined to comment. 

After police arrested Lin, investigators found Lin's digital diary, where he detailed his cyberstalking campaign. Court documents showed that he had boasted about the acts alongside his video game achievements.


In a journal entry from Lin, the convicted cyberstalker bragged about his harassment next to activities like playing World of Warcraft.

Court documents

While Lin was sentenced to more than 17 years in prison, the platforms hosting the profiles aren't held liable.

Section 230 of the Federal Communications Decency Act, a law from 1996, provides immunity to tech platforms from actions of its users. Advocates argue that it's an important law that protects free speech online. It's protected Twitter from lawsuits claiming it supports terrorism because ISIS members use it, while also protecting Yelp from lawsuits about negative reviews its users leave.

When Herrick sued Grindr for failing to delete the fake accounts, a New York judge dismissed the case on Jan. 25, 2018. Nearly a year later, at an appeals hearing on Jan. 7, Grindr's lawyers echoed the same argument.

"Grindr did not create any of this content," Moez Kaba, an attorney representing Grindr, said. "There's no arguments that Grindr was in cahoots with this ex-boyfriend."

While the law protects tech platforms from being sued over these impersonating profiles, stalkers have been using this tactic more and more.

Kevin Lee, a trust and safety architect at Sift Science, an online fraud and abuse detection company, said he's seen an uptick in fake accounts on dating apps used by cyberstalkers.

His company provides fraud detection for sites like OkCupid and Zoosk. It uses machine learning to determine if accounts are created with malicious intent.

Some signs include how quickly an account was created: Real users seeking romance will often take their time curating a profile, while cyberstalkers making multiple accounts will rush through the details. The AI is also able to tell if there's multiple accounts from the same device.

"A lot of these apps know that it's a problem, but they often don't know the severity of it," Lee said. "There can be a lot of toxicity on these platforms, and they often don't know until it's too late."

Finding relief


When Cords reached out to Scruff to delete the fake profiles, they asked him for legal documents first.

Danny Cords

While Grindr ignored both Herrick's and Cords' pleas for help, Scruff was more responsive to their requests. Fake profiles of Herrick were removed within two days, and while Cords needed legal documents for action, the dating app did take down the fraudulent accounts.

Eric Silverberg, Scruff's CEO and co-founder, said the company has a focus on moderators and detecting fraud. The app's 14 million users are able to get responses from their staff within 48 hours, he said.

He explained that the company needed legal documents in Cords' case for verification, noting that malicious actors could make the same claims to get authentic accounts removed. He added that his company has invested thousands of hours to develop tools to block impersonators and bots.

"If we see evidence that this is a serial impersonator, we have a lot of tools that we can use to keep them off of our platform. We take this very seriously," Silverberg said.  

Some tech giants take responsibility even when they're not legally obligated to. Facebook, for example, continues to expand its protection against revenge porn, even if Section 230 would protect them.

After being harassed throughout 2017, Cords left Seattle for another city in Washington. More than a month after Kurzynski was sentenced to prison, he still feels under attack.

On Jan. 11, he was locked out of his Apple ID again -- a common attack his stalker would carry out during his year of torment. Cords can't prove that Kurzynski was behind the latest lockout: Part of the stalker's plea deal was that he was banned from using the internet.

He's changed his phone number, but is still struck with fear anytime his phone rings, especially if it's an unknown number.

"It's so simple and so small, but it leaves a mark on you," Cords said. "Someone has that time, energy and hatred to do this to you." 

iHate: CNET looks at how intolerance is taking over the internet.

CNET Magazine: Check out a sample of the stories in CNET's newsstand edition.
First published Jan. 22, 5 a.m. PT.
Update, Jan. 23 at 10:25 a.m.:
Clarifies title for Senior Staff Attorney Sadie Diaz.