TechnologyAnti-vax dating site exposed data for 3,500 users through ‘debug mode’ bug

Anti-vax dating site exposed data for 3,500 users through ‘debug mode’ bug

Unsurprisingly, it seems like the type of people who shun vaccinations are not great at preventative cybersecurity either.

As reported by the Daily Dot, “Unjected” — a dating site specifically for people who are not vaccinated against COVID-19 — failed to take basic precautions to keep users’ data secure, leaving sensitive data exposed and allowing potentially anyone to become a site administrator.

The “Unjected” site was set up to leave the administrator dashboard fully accessible to anyone who knew how to look for it. Through this dashboard, an administrator could access user information for any member of the site, including name, date of birth, email address, and (if provided) their home address.

The configuration error was discovered by a security researcher known as GeopJr, who confirmed the vulnerability to the Daily Dot by editing live posts on the site. GeopJr apparently noticed that the site had been published live to the web with “debug mode” switched on — a special set of features for software developers to use while working on the app, which should never be enabled by default in an application that has been deployed.

Using these features, the researcher was able to make almost any change to the site, including adding or removing pages, offering free subscriptions for paid-tier services, or even deleting the entire database of post backups. Currently, the site is believed to have around 3,500 users, all of whose data was accessible through the administrator features.

Though its user base is small, Unjected seems to have big ambitions for building connections among the unvaccinated community. Besides providing dating services, Unjected also offers a “fertility” section where users can offer their semen, eggs, or breastmilk for donation. In another section of the website, users can also sign up for a “blood bank” by listing their location and blood type. Both the blood bank and the fertility services are branded as helping users find “mRNA-free” donors — a reference to the mRNA molecules used in the Pfizer and Moderna COVID-19 vaccines.

The Unjected website is now one of the main portals for the project after the Unjected app was booted from the Apple App Store in August 2021 for violating Apple’s COVID-19 content policies. However, Android users can still download the app if they want: it’s currently still listed on the Google Play store, where it has more than 10K downloads and an average review of 2.5 stars.

Latest

‘Andor’ episode 4 soars as we finally meet the Rebels of ‘Star Wars’

The question of whether or not the next episode...

How Dutchie raised half a billion for cannabis tech on TechCrunch Live

Ross Lipson co-founded Dutchie in 2017 and has since...

The US venture capital slowdown doesn’t look that bad

This year is supposed to be a venture-capital wasteland,...

Orionid meteor shower 2022: When, where & how to see it

The Orionid meteor shower will peak between Oct. 21...

Don't miss

Addison Rae’s dad Monty Lopez loses TikTok blue checkmark

Monty Lopez really can't seem to catch a break...

Andrew Tate shares ‘final message’ after being cancelled

Andrew Tate has released an hour-long "final message" via YouTuber-turned-boxer Jake Paul in response to his ban from social media.

Dixie D’Amelio cheated on Noah Beck with Lil Baby

Sheesh! We've got some extremely juicy cheating allegations here...

Groundbreaking AI-powered artist FN Meka signs to record label

FN Meka is the world's first AI-powered artist to sign with a major label. He has over one billion views on TikTok as the platform's top “virtual being.”

What is Hustlers University and who is Andrew Tate?

Hustlers University claims to be an online program which aims to help people make money online through 18 modern wealth creation methods.