The information of anti-vaccine people who were looking for love was made public.

New research shows that Injected, a dating app for people who don’t get their shots, didn’t protect any of its users’ information.

If you’re single and ready to meet someone, there are many dating apps to choose from these days, depending on what you want. Tinder is for one-night stands, Bumble is for respectful brunch dates, and Hinge is for people who like both. Oh, and don’t forget about Injected, a dating app for people who haven’t had their shots that also lets you donate blood and breastmilk.

A new report says that this anti-vaccine site has been sharing your information with the rest of the internet, which was not what it was meant to do. The website reportedly had a huge security hole that hadn’t been fixed until recently. This meant that anyone who knew how could sneak onto the platform and steal or change information.

The Daily Dot was the first to notice that it looked like Injected had a huge security problem. A web researcher who goes by the name GeopJr found that the site’s administrator feature didn’t have basic security and authentication measures. GeopJr says that the site’s administrator dashboard, which lets people add or change user-profiles and the site’s webpages, was completely open to the internet because the site hadn’t been taken out of “debug mode.” If a cybercriminal got into the admin seat, they could steal and change information on the site as they pleased.

To test this, the Dot even made an account on the platform. After that, GeopJr was able to get into the new account and change a lot of information, including the username, email address, and profile picture of the test account. The researcher was also able to “reply to and delete help center tickets and reported posts.” In other words, he or she was able to take over all of the site’s basic administrative tasks. He told the Daily Dot that Injected “seemed to have been set up quickly and that basic security protocols were not followed.”

The Daily Dot contacted Injected about the security issues, and the site seems to have fixed the problem with the administrator privileges. However, the site still has “a number of non-critical bugs,” according to the news site.

Total
0
Shares