Unsurprisingly, it seems that the type of people who avoid vaccinations aren’t good at preventative cybersecurity either.
As reported by daily item“Unjected” – a dating site specifically for people not vaccinated against COVID-19 – failed to take basic precautions to ensure the security of user data, leaving sensitive data exposed and potentially allowing anyone who to become a site administrator.
The “Unjected” site was set up to leave the admin dashboard fully accessible to anyone who knows how to find it. Through this dashboard, an administrator can access user information for any member of the site, including name, date of birth, email address, and (if available) home address.
The configuration error was discovered by a security researcher known as GeopJr, who confirmed the vulnerability of the daily item by editing live publications on the site. GeopJr apparently noticed that the site was published live to the web with “debug mode” enabled – a special set of features that software developers can use while working on the app, which should never be enabled by defect in an application that has been deployed.
With these features, the researcher was able to make almost any change to the site, including adding or removing pages, offering free subscriptions to paid services, or even deleting the entire database. post-backup data. Currently, the site is said to have around 3,500 users, all of whose data can be accessed through admin functions.
Although its user base is small, Unjected seems to have big ambitions to make connections within the unvaccinated community. In addition to providing dating services, Unjected also offers a “fertility” section where users can donate their sperm, eggs, or breast milk. In another section of the website, users can also register for a “blood bank” by providing their location and blood type. The blood bank and fertility services are both known for helping users find “mRNA-free” donors – a reference to mRNA molecules used in the Pfizer and Moderna COVID-19 vaccines.
The Unjected website is now one of the main portals for the project after the Unjected app was booted from the Apple App Store in August 2021 for violating Apple’s COVID-19 content policies. However, Android users can still download the app if they wish: it is currently still listed on the Google Play Store, where it has over 10,000 downloads and an average rating of 2.5 stars.