Researchers have identified significant vulnerabilities on the Department of Government Efficiency (DOGE) website, allowing unauthorized individuals to alter its content. This discovery raises concerns about the site’s security measures.
Two web development experts noted that the DOGE website does not appear to be hosted on government servers. Instead, it seems to utilize a database that can be modified by anyone who knows how to access it. Currently, a message indicating the site’s vulnerabilities remains visible.
Elon Musk’s team, responsible for the DOGE initiative, has stated a commitment to transparency, with updates provided through an X account and the DOGE website. Initially, the website was largely empty but has since been updated to display a feed from the entity’s X account and information about the federal workforce.
After analyzing the website’s architecture and API endpoints, researchers were able to locate the database containing statistics on government employees. They successfully made changes to database entries that were immediately reflected on the DOGE site.
This incident is not isolated. Recently, another federal website under the Trump administration faced scrutiny for displaying a dummy WordPress page with placeholder text. The DOGE website itself acknowledges potential issues, stating that it aims to create a comprehensive government-wide organizational chart, but errors may exist.
The current state of the DOGE website raises questions about the security capabilities of a team tasked with significant government spending reductions and access to sensitive data. Critics suggest that recent cuts to the Department of Homeland Security’s Cybersecurity and Infrastructure Security Agency may have contributed to these vulnerabilities.
For further details, visit the original article on Engadget.