Posts

phone

Anti-Vax Dating Site Could Expose Data From Over 3,500 Users Due To Bug 

“Unjected” is a dating site specifically made for individuals who are not vaccinated against Covid-19. According to reports from the Daily Dot, the site failed to take basic precautions when it came to keeping users’ data secure, which left sensitive personal information exposed and vulnerable to potentially anyone. 

The site’s dashboard was set up to be fully accessible to the websites administrator, however, the way it was configured allowed anyone to log into the back end of  the site if they knew how to look for it. 

Embed from Getty Images

Through the dashboard, administrators can view user information for everyone on the site, including names, birthdays, email addresses, and home addresses. 

A security researcher known as GeopJr is credited for confirming the site’s vulnerability, explaining that “the site had been published live to the web with ‘debug mode’ switched on – a special set of features for software developers to use while working on the application, which should never be enabled by default in an application that has been deployed for the public.” 

The researcher known as GeopJr found that they were able to make almost any change to the site after easily being able to log into the dashboard. They could add or remove pages, offer free subscriptions for paid-tier services, or even delete the entire database of posts and their backups. 

The site is currently believed to have about 3,500 users, all of whose data was accessible through the administrator features. 

Embed from Getty Images

Unjected seemingly has big ambitions to expand the site and build connections among those who are unvaccinated. Besides the dating aspect of the site, users can explore a “fertility” section where others can offer their semen, eggs, or breastmilk for donation. 

In another section of the site, users can sign up for a “blood bank” by listing their location and blood type. Both the blood and fertility =aspects of the site are advertised as helping individuals find “mRNA-free” donors; referring to the mRNA molecules found in the Pfizer and Moderna Covid-19 vaccines. 

The Unjected website is the main way that users can use the application, as the phone app was banned from the Apple App Store in August 2021 for violating Apple’s Covid-19 content policies regarding the spread of misinformation. 

The app is still listed on the Google Play store for Android users, where it has more than 10,000 downloads and average review of 2.5 stars.