Anti-vax dating site exposed data for 3,500 users through ‘debug mode’ bug
by Corin Faife from The Verge - All Posts on (#61STY)
Illustration by Carlo Cadenas / The Verge Unsurprisingly, it seems like the type of people who shun vaccinations are not great at preventative cybersecurity either.
As reported by the Daily Dot, Unjected" - a dating site specifically for people who are not vaccinated against COVID-19 - failed to take basic precautions to keep users' data secure, leaving sensitive data exposed and allowing potentially anyone to become a site administrator.
The Unjected" site was set up to leave the administrator dashboard fully accessible to anyone who knew how to look for it. Through this dashboard, an administrator could access user information for any member of the site, including name, date of birth, email address, and (if provided) their home address.
The configuration error was discovered...