Anti-Vax Dating Site Injected Suffers Data Breach

Image for article titled Anti-Vaxxers Looking for Love Had Their Data Exposed

screenshot: Lucas Ropek/Unjected

These days, if you’re single and ready to mingle, there are a wealth of dating apps to choose from—depending on what you’re looking for. For one-night stands, there’s Tinder; for respectful brunch dates, there’s Bumble; and for people who believe in both, there’s Hinge. Oh, but don’t forget unjected—a dating app for the unvaccinated that also lets you donate your blood and breastmilk (????).

According to a new report, another unintended feature of this anti-vax site has been that it shares your data with the internet. Until recently, a giant security hole allegedly sat unfixed on the website, allowing anyone with the know-how to sneak onto the platform and steal or change information.

The Daily Dot was the first to note that Unjected appeared to have a massive security problem on its hands. According to the outlet, a web researcher who goes by GeopJr discovered that the site’s administrator feature was missing basic security and authentication protections. GeopJr says that the site’s administrator dashboard, which allows a person to add or edit user profiles and the site’s webpages, was left totally open to the internet because the site hadn’t been taken out of “debug mode.” Climbing into the admin seat, a cybercriminal could basically steal and edit information from the site at will.

To test this, the Dot even set up an account with the platform, after which GeopJr managed to get inside of the new account and change a bunch of information, including the test account’s username, email, and profile picture. The researcher was also able to “reply to and delete help center tickets and reported posts,” essentially taking over all the basic administrative responsibilities of the site. He told the Daily Dot that Unjected “appeared to have been set up hastily and that basic security protocols were ignored.”

After The Daily Dot reached out to Unjected about the security issues, the site appears to have fixed the issue with the administrator privileges, but the outlet notes that “numerous non-critical bugs remain.”

So, yeah, doesn’t sound like a great situation. But as harrowing as they are, allow me to diverge from the security issues for a minute and jump back to the site itself because, jeez, does it have some really interesting stuff on there. For one thing, the site compares itself to Craigslist (you might remember how that site’s dating page went down in flames not long ago), then goes on to fill in the details (emphasis and weird grammatical choices theirs):

Created by two moms in Hawaii, during the height of the vaccine rollout spring 2021; Unjected is a multi-faceted platform of health conscious, covid-19 unvaccinated humans who believe in medical freedom, freedom of choice, freedom of speech & bodily autonomy. After slander in the media, we have grown to an ever multiplying 110,000 members in 85 different countries around the world in pursuit of love, friendships, community, business connections, and even mRNA free blood directories & fertility directories to protect the integrity of the population.

Yess, finally, the Craigslist-like dating experience you’ve been searching for and a way to donate your precious bodily fluids, all in one go. What a goddamn deal. For just $11.11 a month, you can apparently subscribe to “premium” services, whatever those entail.

We reached out to Unjected for more details about its security issues and will update this story if they respond.


Leave a Comment

Your email address will not be published.