Anti-vax dating site exposed data for 3,500 users through ‘debug mode’ bug


Unsurprisingly, it seems like the type of people who shun vaccinations are not great at preventative cybersecurity either.

As reported by the Daily Dot, “Unjected” — a dating site specifically for people who are not vaccinated against COVID-19 — failed to take basic precautions to keep users’ data secure, leaving sensitive data exposed and allowing potentially anyone to become a site administrator.

The “Unjected” site was set up to leave the administrator dashboard fully accessible to anyone who knew how to look for it. Through this dashboard, an administrator could access user information for any member of the site, including name, date of birth, email address, and (if provided) their home address.

The configuration error was discovered by a security researcher known as GeopJr, who confirmed the vulnerability to the Daily Dot by editing live posts on the site. GeopJr apparently noticed that the site had been published live to the web with “debug mode” switched on — a special set of features for software developers to use while working on the app, which should never be enabled by default in an application that has been deployed.

Using these features, the researcher was able to make almost any change to the site, including adding or removing pages, offering free subscriptions for paid-tier services, or even deleting the entire database of post backups. Currently, the site is believed to have around 3,500 users, all of whose data was accessible through the administrator features.

Though its user base is small, Unjected seems to have big ambitions for building connections among the unvaccinated community. Besides providing dating services, Unjected also offers a “fertility” section where users can offer their semen, eggs, or breastmilk for donation. In another section of the website, users can also sign up for a “blood bank” by listing their location and blood type. Both the blood bank and the fertility services are branded as helping users find “mRNA-free” donors — a reference to the mRNA molecules used in the Pfizer and Moderna COVID-19 vaccines.

The Unjected website is now one of the main portals for the project after the Unjected app was booted from the Apple App Store in August 2021 for violating Apple’s COVID-19 content policies. However, Android users can still download the app if they want: it’s currently still listed on the Google Play store, where it has more than 10K downloads and an average review of 2.5 stars.
