A website launched by Elon Musk’s Department of Government Efficiency (DOGE) has been found to have a significant security vulnerability, allowing unauthorized users to directly modify its content.
The vulnerability, discovered by two web development experts, arises from the website’s use of an unsecured external database. This allowed anyone aware of the vulnerability to post and display content live on the site.
The DOGE website, launched in January, was intended to showcase the department’s efforts to cut government spending. However, for weeks it remained largely inactive, featuring only three lines of text and a cartoonish logo.
It was further developed on Wednesday and Thursday. The site pulls data from a Cloudflare Pages site, where the underlying code is deployed.
The security flaw was first reported by 404Media, who were alerted by two web development specialists. They found that the doge.gov website connects to a database that is accessible and modifiable by third parties.
This allowed anyone to make unauthorized modifications that appeared on the live website. The vulnerability was quickly exploited, with individuals posting satirical messages on the site’s homepage.
One message read: "This is a joke of a .gov site".
Another stated: "THESE 'EXPERTS' LEFT THEIR DATABASE OPEN - roro".
These messages remained visible for hours.
Newsweek also reported seeing the message “This is a joke of a .gov site” on Friday morning. The ease with which the website was defaced has raised concerns about the security practices of DOGE.
Experts have noted that the site appears to have been hastily constructed. One coder told 404Media, “It feels like it was hastily constructed. There are numerous errors and sensitive information exposed in the page source code.”
Sam Curry, a coding expert, noted that the DOGE website seems to be developed and hosted by Burst Data, which is managed by a current DOGE employee. He added that images on the site are routed through Cloudflare’s ImageDelivery service.
The DOGE team has since resolved the website issues, removing the controversial messages.
However, the incident has raised questions about the department’s ability to handle sensitive data and maintain secure systems. Before the alleged hack, the DOGE website reportedly posted classified intelligence data.
According to a report by the Huffington Post, the site displayed information about the size and staff of a US intelligence agency. The exposure of classified data and the ease with which the website was hacked have led to increased scrutiny of DOGE and its practices.
Critics have raised concerns about the department’s access to sensitive information and the potential for conflicts of interest. Several lawsuits have been filed against DOGE, challenging its access to government data.