Anti-vax dating site exposed data for 3,500 users through ‘debug mode’ bug

Illustration by Carlo Cadenas / The Verge

Unsurprisingly, it seems like the type of people who shun vaccinations are not great at preventative cybersecurity either.

As reported by the Daily Dot, “Unjected” — a dating site specifically for people who are not vaccinated against COVID-19 — failed to take basic precautions to keep users’ data secure, leaving sensitive data exposed and allowing potentially anyone to become a site administrator.

The “Unjected” site was set up to leave the administrator dashboard fully accessible to anyone who knew how to look for it. Through this dashboard, an administrator could access user information for any member of the site, including name, date of birth, email address, and (if provided) their home address.

The configuration error was discovered by a security researcher known as GeopJr, who confirmed the vulnerability to the Daily Dot by editing live posts on the site. GeopJr apparently noticed that the site had been published live to the web with “debug mode” switched on — a special set of features for software developers to use while working on the app, which should never be enabled by default in an application that has been deployed.

Using these features, the researcher was able to make almost any change to the site, including adding or removing pages, offering free subscriptions for paid-tier services, or even deleting the entire database of post backups. Currently, the site is believed to have around 3,500 users, all of whose data was accessible through the administrator features.
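As an added example (not from the original article and not the site's own code), here is a pre-release check for the two conditions reported above: debug features enabled in a deployed build, and administrative pages reachable without authentication. The setting name `DEBUG`, the route fields, the path prefixes and the sample data are assumptions made for illustration.

```python
# Added example: a pre-release gate for the two failures described above.
# Setting names, route fields and sample data are constructed for illustration.

FALSE_VALUES = {"0", "false", "no", "off"}
ADMIN_PREFIXES = ("/admin", "/debug")   # hypothetical path prefixes


def debug_is_off(raw):
    """True only when the setting is explicitly a false value.

    Environment variables arrive as strings, and the string "False" is truthy
    in Python, so the value is parsed rather than tested with bool().
    Unset (None) or unrecognised values count as "not off": the gate fails closed.
    """
    return str(raw).strip().lower() in FALSE_VALUES


def audit_release(settings, routes):
    """Return a list of findings; an empty list means the release may proceed."""
    findings = []
    if not debug_is_off(settings.get("DEBUG")):
        findings.append(f"DEBUG is not explicitly off: {settings.get('DEBUG')!r}")
    for route in routes:
        path = route["path"]
        if not path.startswith(ADMIN_PREFIXES):
            continue
        if not route.get("requires_auth", False):
            findings.append(f"{path}: reachable without authentication")
        elif "admin" not in route.get("roles", ()):
            findings.append(f"{path}: not restricted to the admin role")
    return findings


# Constructed sample inputs: one misconfigured deployment, one corrected.
EXPOSED = audit_release(
    {"DEBUG": "True"},
    [{"path": "/admin/users", "requires_auth": False},
     {"path": "/profile", "requires_auth": True, "roles": ["member"]}],
)
FIXED = audit_release(
    {"DEBUG": "false"},
    [{"path": "/admin/users", "requires_auth": True, "roles": ["admin"]},
     {"path": "/profile", "requires_auth": True, "roles": ["member"]}],
)
```

Run as a deployment step, a non-empty result from `audit_release` blocks the release; `EXPOSED` yields two findings and `FIXED` yields none.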

Though its user base is small, Unjected seems to have big ambitions for building connections among the unvaccinated community. Besides providing dating services, Unjected also offers a “fertility” section where users can offer their semen, eggs, or breastmilk for donation. In another section of the website, users can also sign up for a “blood bank” by listing their location and blood type. Both the blood bank and the fertility services are branded as helping users find “mRNA-free” donors — a reference to the mRNA molecules used in the Pfizer and Moderna COVID-19 vaccines.

The Unjected website is now one of the main portals for the project after the Unjected app was booted from the Apple App Store in August 2021 for violating Apple’s COVID-19 content policies. However, Android users can still download the app if they want: it’s currently still listed on the Google Play store, where it has more than 10K downloads and an average review of 2.5 stars.



Source: The Verge
