Skip to content

Flawed APIs in Musk’s Doge.gov enable unauthorised edits

  • by
  • 3 min read

The U.S. government’s newly launched website, Doge.gov, designed to track workforce reductions under Elon Musk’s Department of Government Efficiency (DOGE), has been found to contain major security vulnerabilities. Anyone using flawed APIs can modify the database, leading to unauthorised edits that have already appeared on the live site.

First reported by 404Media, security researchers discovered that Doge.gov is pulling data from unsecured Cloudflare Pages, a platform commonly used for static websites but not typically associated with secure federal databases. This setup, they claim, allows third parties to alter government employment statistics and other displayed information.

One researcher successfully added entries reading “this is a joke of a .gov site” and “THESE EXPERTS LEFT THEIR DATABASE OPEN -roro.”

Doge.gov was launched after Musk told reporters that his department aimed for transparency. Musk directed the public to the site and its associated X handle. Initially, the website was a blank page, but it was expanded over the following days to include government employment statistics and mirrored social media posts.

However, the rapid deployment seems to have overlooked basic cybersecurity protocols.

This is an image of usaflag brett sayles pexels
DOGE agency promised US citizens transparency and efficiency. | Photo by Brett Sayles

Another security researcher noted that doge.gov’s architecture includes exposed API endpoints, making unauthorised data modifications possible. They also reported multiple errors and leaked details in the site’s source code, further indicating its lack of proper security measures.

This is not the first time the US government’s website has shown security flaws. Waste.gov, a site meant to track government waste, was launched initially with a default WordPress template and placeholder text. Following public scrutiny, the site was quickly placed behind a password wall.

DOGE has gained administrative access to the codebases of multiple federal agencies, including the Department of Treasury, raising additional concerns about the security of digital government infrastructure.

The Elon Musk-led DOGE promised transparency and efficiency to the US public. To this end, the department targeted and shut down programs like the diversity, equity, and inclusion (DEI) initiative, spending cuts, federal workforce cuts, and review of federal contracts.

But not everything is alright with the department. Last week, a news report emerged that the DOGE agency was directed to cease using Slack while legal teams work to transition the agency’s oversight away from the Freedom of Information Act (FOIA).

In the News: Palo Alto Firewall vulnerability exploited one day after disclosure

Kumar Hemant

Kumar Hemant

Deputy Editor at Candid.Technology. Hemant writes at the intersection of tech and culture and has a keen interest in science, social issues and international relations. You can contact him here: kumarhemant@pm.me

Related Reads

This is an image of spyware malware cybersecurity privacy featured 31

Threat actors deploy FrigidStealer on Macs via web inject attacks

This is an image of crypto farm

XMRig cryptominer distributed via trojanised game torrents

Photo: sundry photography / shutterstock. Com

Over 100 AWS keys found on public GitHub repositories

This is an image of scam call featured 1

Noida-based call center operation dupes victims of $1.4 million

This is an image of nvidia gpu compared 100

Concerns mount over outdated Nvidia A100 GPUs in India’s AI Mission

  • by
  • In News, AI
Illustration: cinemato

Two Estonians found guilty of $577 million crypto ponzi scheme

>