Anti-vax dating site is unsurprisingly bad at data security
It turns out that the Venn diagram of people who pridefully reject the COVID-19 vaccination and people who do not take measures to protect their data security is pretty much a circle.
Unjected, an actual, real-life dating site, was created specifically for people who are not vaccinated against COVID-19 and claims to be the "largest unvaccinated platform" online. Beyond exclusively helping anti-vaxxers find love (please, Netflix, do not make this a reality TV show), Unjected also provides a place for users to offer their blood, semen, eggs, or breastmilk for donation. And it's having a bit of a cybersecurity issue, the Daily Dot reported.
Programmer and security researcher GeopJr, who describes themself as "a CS Student 🧑🎓 from Greece 🇬🇷," discovered that anyone could access the site's administrator dashboard, which allows users to add, edit, or deactivate pages. Through this dashboard, they can also access user information for any member, including their name, date of birth, email address, and sometimes even their home address.
You May Also Like
"Almost none of the actions an admin or a user can take require any kind of authentication whatsoever," GeopJr told the Daily Dot. "Anyone can directly manipulate parts of its database and its content."
GeopJr figured out the error when the site was published live online with debug mode switched on. Debug mode allows users to change the site's code for the purpose of debugging, which is a wild thing to turn on for an application that's already live online with around 3,500 active users. It's through this debug mode that GeopJr made changes to the site.
The entire site first went offline on Friday, July 22 after the Daily Dot reached out to Unjected, and went on and offline all weekend. On Monday, July 25, the site was brought back online — maybe for good. According to the Daily Dot, the exposure of user data is fixed.
Unjected has already gone through the ringer. Back in August 2021, the Apple App Store kicked it out for violating Apple's COVID-19 policies, so it's now predominantly making the rounds with Android users and folks on desktop.
With the app still up and running, it's clear it's trying to spread quickly — but I can think of at least one thing that famously spreads faster than Unjected.
Topics Apps & Software COVID-19
Christianna Silva is a senior culture reporter covering social platforms and the creator economy, with a focus on the intersection of social media, politics, and the economic systems that govern us. Since joining Mashable in 2021, they have reported extensively on meme creators, content moderation, and the nature of online creation under capitalism.
Before joining Mashable, they worked as an editor at NPR and MTV News, a reporter at Teen Vogue and VICE News, and as a stablehand at a mini-horse farm. You can follow her on Bluesky @christiannaj.bsky.social and Instagram @christianna_j.
