Anti-vandal dating site exposed data of 3,500 users through “debug mode” error

Unsurprisingly, it seems that the type of people who avoid vaccination aren’t good at preventative cybersecurity either.

As I mentioned before daily point“Not Denied” – a dating site dedicated to people who haven’t been vaccinated against COVID-19 – failed to take basic precautions to keep users’ data safe, leaving sensitive data exposed and letting anyone potentially become responsible for the site.

The “Not Denied” site is set up to leave the admin control panel fully accessible to anyone who knows how to look for it. Through this dashboard, the administrator can access the user information of any member of the site, including their name, date of birth, email address and (if provided) their home address.

The configuration error was discovered by a security researcher known as GeopJr, who confirmed the existence of a vulnerability in daily point By editing live posts on the site. GeopJr apparently noticed that the site was published live on the web with “debug mode” turned on – a special set of features for developers to use while working on the application, which should not be enabled by default in an application that has been deployed.

Using these features, the researcher was able to make almost any change to the site, including adding or removing pages, offering free subscriptions to paid services, or even deleting the entire database of publication backups. Currently, the site is believed to have about 3,500 users, all of whose data can be accessed through administrator features.

Although its user base is small, Unjected appears to have great ambitions to build connections among the unvaccinated community. Besides offering dating services, Unjected also offers a Fertility section where users can offer semen, eggs or breast milk for donation. In another section of the site, users can also sign up for a “blood bank” by listing the location and blood type. Both the blood bank and fertility services are labeled as helping users find “mRNA-free” donors – a reference to the mRNA particles used in the Pfizer and Moderna COVID-19 vaccines.

The Unjected website is now one of the project’s main portals after the Unjected app launched from the Apple App Store in August 2021 for violating Apple’s COVID-19 content policies. However, Android users can still download the app if they wish: it’s still currently listed on the Google Play Store, with over 10,000 downloads and an average review of 2.5 stars.

Leave a Reply

%d bloggers like this: