Daily Dumb: Musk's DOGE is Storing Sensitive Government Data (And Your Data) on an Insecure Cloud

[Bray123]

https://www.404media.co/anyone-can-push-updates-to-the-doge-gov-website-2/

The doge.gov website that was spun up to track Elon Musk’s cuts to the federal government is insecure and pulls from a database that can be edited by anyone, according to two separate people who found the vulnerability and shared it with 404 Media. One coder added at least two database entries that are visible on the live site and say “this is a joke of a .gov site” and “THESE ‘EXPERTS’ LEFT THEIR DATABASE OPEN -roro.”

Doge.gov was hastily deployed after Elon Musk told reporters Tuesday that his Department of Government Efficiency is “trying to be as transparent as possible. In fact, our actions—we post our actions to the DOGE handle on X, and to the DOGE website.” At the time, DOGE was an essentially blank webpage. It was built out further Wednesday and Thursday, and now shows a mirror of the @DOGE X account posts, as well as various stats about the U.S. government’s federal workforce.

Two different web development experts who asked to remain anonymous because they were probing a federal website told 404 Media that doge.gov is seemingly built on a Cloudflare Pages site that is not currently hosted on government servers. The database it is pulling from can be and has been written to by third parties, and will show up on the live website.

Both sources told 404 Media that they noticed Doge.gov is pulling from a Cloudflare Pages website, where the code that runs it is actually deployed.

https://bsky.app/profile/chadomir.bsky.social/post/3li56xzdbjs2x
Lot's of geeky screenshots showing how to access DOGE website.

 

[Noitall]

Its called

transparency

 

[ll74]

Its called

transparency

It's called stupidity

 

[Lathanar1]

For every goofball that points out a vulnerability there is a hundred others already gaining access through that same vulnerability. I'm sure the Russian, North Korean, and Chinese cyber warfare teams are having a field day.

 

[Noitall]

 

[Bray123]

View attachment 2494088

Nobody is really surprised. It would be surprising if Russia and China did not already have access to all of your financial and health records. Also your cell phone number, IMEI number, social media identities, and a shitload more.

 

[Noitall]

Nobody is really surprised. It would be surprising if Russia and China did not already have access to all of your financial and health records. Also your cell phone number, IMEI number, social media identities, and a shitload more.

 

[Bray123]

View attachment 2494195

That is the information that Musk's kiddies have stolen from .gov servers and stored on insecure cloud. If I know about it, it's possible that other people do as well. Keep on deluding yourself, be sure that the leopards will not eat your face.

 

[RoryN]

Ukraine & Russia, RFK Jr., Gulf of America, tariffs, every other initiative...it all feels more like distractions to have us turn away while DOGE strips the copper wiring out of America's walls.

 

[Politruk]

Just how insecure is this? Could a skilled hacker change his own Social Security number?

 

[Lathanar1]

It's a repository of information, not a source of truth. The biggest concern is going to be what systems it is connected to, if one can gain credentials from it that can be used elsewhere.

 

[Politruk]

It's a repository of information, not a source of truth.

In the Information Age, that is a distinction without a difference.

 

[Lathanar1]

In the Information Age, that is a distinction without a difference.

Source of truth means which system controls the actual information. Any external system that associates an SSN with someone can be adjusted to reflect something else, but only the SS Administrations system actually assign a number to someone. You'd have to get to it to change anything. Source of truth.

 

[Lazaran]

For every goofball that points out a vulnerability there is a hundred others already gaining access through that same vulnerability. I'm sure the Russian, North Korean, and Chinese cyber warfare teams are having a field day.

We. Told. Them. So.