Anti-vaccine dating site “Unjected,” known in the past for allowing its users to promote their “mRNA-free” blood and sperm, has left its users’ personal information vulnerable for a moment.
The issue, exposed by the security researcher known as GeopJr, affects 35,509 accounts and exposes everything from full names and dates of birth to email addresses and location data.
Authentication issues also allowed GeopJr not only to edit users’ profiles, such as changing their profile pictures, but also to read direct messages sent by users and staff.
Unjected, which bills itself as the “largest unvaccinated platform” on the internet, launched in May 2021 and briefly made headlines after its app was removed from the Apple Store for violating its COVID-19 misinformation policies.
Despite the setback, the site continued to grow and add new features, such as the now-defunct “mRNA-free blood compatibility and fertility directories,” where users could offer their so-called uncontaminated blood, sperm, or eggs to members.
In July 2022, the Daily Dot exclusively revealed, thanks to GeopJr’s research, that Unjected’s admin panel was freely accessible. The security flaw allowed GeopJr, among other things, to add, modify, or disable site pages and user accounts.
Unjected co-founder Shelby Thomson refused to respond to emails from the Daily Dot, while obvious attempts at a fix were made, resulting in the domain being taken offline several times. After an avalanche of court cases from users about data exposure, glitches, and outages, they returned them. And while the main problems have been resolved, many bugs persist.
GeopJr reached out to the Daily Dot this month to tell it that they had chosen to check the site again, nearly two years after finding the first problems, and said Unjected “remains as unsafe as ever.”
“Once again, Unjected failed to take protective precautions, putting thousands of users at risk,” GeopJr said.
Unjected pointed to an email from the Daily Dot last week highlighting security issues, but it didn’t resolve them. While it appears that attempts were made to fix the leak, GeopJr said, those efforts have actually led to more problems on the site, adding the ability to disable anyone’s account without authentication.
Given Unjected’s inability to protect its users’ data, the Daily Dot is declining to detail precisely how the vulnerabilities were discovered. However, these issues allowed GeopJr to download profile data that should not be publicly available. Similarly, GeopJr found another authentication issue that allowed them to access all of the site’s direct messages.
The Daily Dot’s review of the site’s 8,323 conversations, spanning from July 2023 to March 2024, shows that even wary users are wondering about Unjected’s security.
In a direct message to Unjected management on Jan. 10, one user said, “Thank you for creating this website, I hope it has wonderful privacy coverage from all non-injected.”
In a message sent on December 13, 2023, a foreign user also expressed his fear that data from the site could be obtained by the U.S. government. transmitted to yours.
“I’m quite involved with this platform that collects the knowledge of other people who haven’t been stung — the U.S. government can just hack it seamlessly and get written evidence from anyone who refuses to align with the Biden administration...,” the user wrote. “I’m really worried... I’m not sure about staying here... I’ll have to check how their cybersecurity formula and their customers are working.”
On February 9 of this year, another user complained that the site was “shady” and “difficult to use,” arguing that he rarely logged in for fear of being hacked.
“The messaging component also evolved very well, crashes as soon as I use it, and overall I feel like a shady site,” they wrote. “I’m waiting to get hacked for the unvaccinated list!”
Other personal data includes the longitude and latitude coordinates of users who provided their city and state to the site or who chose to allow their browser to share a more precise location.
In an interview with the Daily Dot, Unjected appeared to falsely suggest that the journalist had hacked the site in some way.
“At Unjected, we know that we are on each and every government watch list. Thank you for helping to make Unjected the safest position for unvaccinated people,” she says. “We now recommend that you use your hacking skills wisely and do anything to thwart the New World Order than to get annoyed with the organizations fighting for Team Humanity. One day, it will all make sense to you.”
Unjected also claimed that it had created a promotional code with the journalist’s name before urging the public to be “natural, free, not injected.”
“Whenever you’re in a position to give up Tinder or Bumble and find a beautiful, healthy girl, use promo code MIKAELISLONELY on Unjected.com to get 25% off your first month of subscription (also valid for all Daily Dot readers),” it added.
Despite security concerns, Unjected doesn’t appear to have posted anything on its accounts or social media, signaling that its users’ data remains vulnerable to being compromised.