It turns out that the Venn diagram of people who pridefully reject the COVID-19 vaccination and people who do not take measures to protect their data security is pretty much a circle.
Unjected, an online dating site, was created specifically for those people who are not vaccinated against COVID-19.
Claiming to be the "largest unvaccinated platform," its goal is to exclusively help anti-vaxxers find love. Not only that, as Unjected also provides "mRNA FREE blood match & fertility directories," where users can donate their blood, semen, eggs, or breastmilk.
Users can also offer to be a surrogate.
And this time, Unjected had a serious security issue.

A Greek programmer and security researcher that goes with the name 'GeopJr', discovered that anyone with an internet connection could access the site's administrator dashboard.
This allows anyone to add, edit, or deactivate pages.
Through the administrator access, anyone could also access any of Unjected user data, and see things like their name, date of birth, email address, IP address, browser information, and more. And sometimes, some of the users have also included their home address.
"Almost none of the actions an admin or a user can take require any kind of authentication whatsoever," said GeopJr. "Anyone can directly manipulate parts of its database and its content."
GeopJr found this unsecured administrator dashboard in an error.
At that time, the team at Unjected left the site online with its debug mode switched on.
Debug mode allows developers of the site to change the site's code for the purpose of debugging. GeopJr who realized this debug mode being left on, managed to make changes to the site.
Besides that, GeopJr was also able to access the site's backup, with the ability to download and delete it. GeopJr was also able to give away $15 per month subscriptions to Unjected, as well as reply to and delete help center tickets and reported posts.
In short, Unjected was stripped naked without any security in place.
GeopJr argued that the Unjected seemed to have seen set up hastily, since some of the crucial but basic protocols were ignored.
"Almost none of the actions an admin or a user can take require any kind of authentication whatsoever," GeopJr said. "Anyone can directly manipulate parts of its database and its content."
After GeopJr who published his findings to The Daily Dot, had the digital media company reach the Unjected team.

The site was then put offline after Unjected’s co-founder Shelby Thomson acknowledged the issue.
Days later, the site returned online, with the debug mode switched off.
But the damage is already done.
Unjected has around 3,500 users. Anyone who managed to stumble the debug mode on the site could have stolen everything the site has.
Launched back in May 2021, Unjected initially operated quietly and under the radar.
It made its first headlines when its app was removed from the Apple App Store for violating the company’s policies regarding COVID-19.
It boasts a design similar to Twitter, and often referred itself as the "Tinder for anti-vaxxers."














































































































































































































































































































































































