A dating site for Anti-vax people has been exposed for poor cyber security, putting the data of 3500 users at risk.
‘Unjected’, a dating site specifically for people who are not vaccinated against COVID-19, failed to take basic precautions to keep users’ data secure as reported by the Daily Dot.
The poor security left sensitive data of its users exposed, allowing potentially anyone to become a site administrator.
With the administrator dashboard fully accessible to anyone who knew how to look for it, it was fair game for people looking to access user information for any member of the site, including their name, date of birth, email address, and their home address if available.
The configuration error was discovered by a security researcher known as GeopJr, who confirmed the vulnerability to the Daily Dot by editing live posts on the site.
GeopJr apparently noticed that the site had been published live to the web with the ‘debug mode’ switched on.
This is a user interface used by software developers to allow them to view and manipulate the program’s internal state for the purpose of debugging. Obviously, leaving it on by default on a live application is a major privacy threat.
Using this feature, the researcher was able to make almost any change to the site, including adding or removing pages, offering free subscriptions for paid-tier services, or even deleting the entire database of post backups.
Currently, the site is believed to have around 3,500 users, all of whose data is accessible if you knew where to look.
Unejected’s website states that it was created by two moms in Hawaii, during the height of the vaccine rollout in spring of 2021.
The website calls itself a ‘multi-faceted platform of health conscious, covid-19 unvaccinated humans who believe in medical freedom, freedom of choice, freedom of speech & bodily autonomy’.
It claims to have 110,000 members in 85 different countries. The site also offers mRNA-free blood directories & fertility directories to ‘protect the integrity of the population’.
In August 2021, the app was removed from the Apple App Store for violating Apple’s Covid-19 content policies.
However, Android users can still download the app as it’s currently listed on the Google Play store, where it has more than 10K downloads and an average review of 2.5 stars.
Source: Read Full Article