The doge.gov website that was spun up to track Elon Musk's cuts to the federal government is insecure and pulls from a database that can be edited by anyone, according to two separate people who found the vulnerability and shared it with 404 Media. One coder added at least two database entries that are visible on the live site and say "this is a joke of a .gov site" and "THESE 'EXPERTS' LEFT THEIR DATABASE OPEN -roro."
Doge.gov was hastily deployed after Elon Musk told reporters Tuesday that his Department of Government Efficiency is "trying to be as transparent as possible. In fact, our actions—we post our actions to the DOGE handle on X, and to the DOGE website." At the time, DOGE was an essentially blank webpage. It was built out further Wednesday and Thursday, and now shows a mirror of the @DOGE X account posts, as well as various stats about the U.S. government's federal workforce.
(Score: 1) by day of the dalek on Saturday February 15, @12:29PM
There are two points here, one of which is that everything about DOGE is about acting quickly instead of doing things right. Congress controls the power of the purse, meaning that most of these cuts need to be made through the legislative process. DOGE promised receipts by February 14 to support the waste they claim they found. Where are they? The complete lack of security on the website is another example of prioritizing speed over doing things right.
What about mitigating the conflicts of interest? That takes time, too. We know that Elon Musk and his companies have been investigated by several government agencies [theguardian.com], and that includes USAID [newsweek.com], which was targeted by DOGE. We need transparency, and we need real evidence that things are being done properly instead of just quickly. But that also takes time, and this is clearly about doing things quickly instead of doing them right. As a result, even if Musk wasn't actually doing anything corrupt, this gives the appearance of corruption.
To drive this point home, the widespread layoffs by the Trump administration included many of the people responsible for maintaining and overseeing the US nuclear arsenal [cnn.com]. They're trying to reverse those firings now, but it would never have happened to begin with if they took the time to understand what federal employees do before cutting them. As a result, we get literal weapons-grade stupidity like this. Just like with the website, DOGE isn't taking the time to do things properly.
The second point is that DOGE has accessed private information about treasury payments and borrowers of federal student loans. I suspect that DOGE has accessed my data and perhaps fed it into their "AI" systems. The DOGE staff haven't been vetted and are using private non-government email addresses. If they can't take the time to secure a website, why should they be trusted with my data and anyone else's data on those systems?
