Covid 19: Anti-vaccine dating site left user data unsecured

An anti-vaccine dating website that allows people to match with other unvaccinated people for romance or to trade blood or reproductive material has been called out after a security flaw exposed its users' private information.

Unjected, which hit the headlines in 2021 when it was removed from Apple's app store, bills itself as a "multi-faceted platform of health conscious, Covid-19 unvaccinated humans who believe in medical freedom, freedom of choice, freedom of speech & bodily autonomy".

They claim users can find love, friendships or "mRNA free" blood, sperm and eggs on directories designed to "protect the integrity of the population".

The discovery of the site's security was found by the programmer and security researcher known online as GeopJr, the Daily Dot reported.

They found the site's administrator dashboard was left open and could be accessed by anyone.

GeopJr found this wide-open backdoor allowed access to private user information "that someone with malicious intent could abuse".

GeopJr told the Daily Dot that the site appeared to have been constructed in haste and basic security measures were not taken.

"Almost none of the actions an admin or a user can take require any kind of authentication whatsoever," they said. "Anyone can directly manipulate parts of its database and its content."

After the Daily Dot began contacting members to discuss the issue, Unjected's co-founder Shelby Thomson posted a comment online acknowledging the issue before emailing the Daily Dot to promise to secure the information.

But in attempting the fix admins appear to have matters worse and exposed even more personal information, leaving users furious.

"I'm trying to be as kind as possible when I say, take the app down now before you end up in the courts and don't release it until you do proper software development testing on it," one user wrote after his home address was published online.

"I take my privacy and security very serious and your app has several violated trust, security, privacy and safety."

The service, which claims to have users in 85 countries, went down while more repairs were made before coming back online with the major privacy issues fixed.