Anti-Vax Dating Site That Promised “MRNA Free Semen” Left User Data Exposed
What a shock: The anti-vax geniuses behind an anti-vax dating site weren’t smart enough to know how to build a secure website. Of course, the people using the site probably don’t even understand what it means to have their data exposed, so I doubt they care (or are even aware of what happened). Via DailyDot:
An anti-vaccine dating website that allows users to procure “mRNA FREE” semen left its users’ personal data exposed online.
The site, Unjected, launched in May 2021 and claims to be the “largest unvaccinated platform” on the internet.
Similar in design to Twitter and often referred to as the “Tinder for anti-vaxxers,” Unjected has remained under the radar ever since, quietly adding new features for its small userbase. The site now offers what it describes as “mRNA FREE blood match & fertility directories” where unvaccinated users can donate blood, sperm, or eggs to one another.
Yet, according to the programmer and security researcher known online as GeopJr, the site’s administrator dashboard was openly accessible to anyone. The dashboard allows Unjected’s administrators to add, edit, or deactivate pages, such as the website’s “About Us” section, as well as users’ accounts.
The discovery was made after GeopJr noticed that Unjected’s web application framework had been left in debug mode, allowing them to learn pertinent information “that someone with malicious intent could abuse.”
[DailyDot]
