According to researchers, anyone who knows where to look can spray digital graffiti on the Department of Government Efficiency (DOGE) website. Two web development experts said the site doesn’t seem to be hosted on government servers and that the database it pulls from can be modified by those who locate it. At the time of writing, a message reading “these ‘experts’ left their database open – roro” is still visible on the DOGE site.
DOGE chief and President ***** consigliere Elon Musk said on Tuesday that his team would be as transparent as possible, with updates on its actions shared to an X account and website. As 404 Media notes, the DOGE website was pretty much blank at the time. Since then, it’s been hurriedly assembled to show a feed of posts from the entity’s X account, along with details about the federal workforce.
The researchers told 404 that the site appeared to be built on Cloudflare Pages instead of government servers. After looking at the site’s architecture and API endpoints, one was able to locate the database containing stats on government employees. They made changes to database entries that were reflected on the DOGE website.
It’s not the first time that a federal website operating under the ***** administration has appeared to have been slapped together. Just this week, the waste.gov was locked after it was reported that the site displayed a dummy WordPress page, complete with placeholder text.
DOGE does acknowledge that there are possible issues with its web presence. “This is DOGE’s effort to create a comprehensive, government-wide org chart,” a footnote on the DOGE website reads. “This is an enormous effort, and there are likely some errors or omissions. We will continue to strive for maximum accuracy over time.”
However, it doesn’t exactly inspire confidence that a team tasked with making sweeping cuts to government spending and allegedly barging its way into federal systems that contain sensitive data on federal employees and citizens can’t secure its own website. Perhaps gutting the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency wasn’t the wisest idea.
This article originally appeared on Engadget at https://www.engadget.com/cybersecurity/the-doge-website-is-seemingly-so-insecure-it-can-be-edited-by-anyone-160612228.html?src=rss