Billionaire Elon Musk’s Department of Government Efficiency (DOGE) website has been hacked within days of being launched.
‘DOGE’ has historically referred to a popular internet meme turned cryptocurrency; now, it also represents a Musk-led agency set up by US President Donald Trump to “maximise governmental efficiency and productivity”.
Launched on 20 January, the advisory task force has rapidly cut US federal spending by terminating federal contracts, conducting mass layoffs, and rolling back Diversity, Equity, and Inclusion (DEI) programs across government.
On Wednesday, after Musk promised the agency would be “maximally transparent”, a dedicated doge.gov website was built to include a live tracking feed alongside droves of federal workforce spending data.
Two days later, the website was hacked.
“This is a joke of a .gov site,” a hacker wrote on the DOGE website.
As reported by 404 Media, the site was found to be insecure by two anonymous web experts who discovered it was pulling from a database which could be freely edited by anyone.
One of the sources said they were able to push updates to a database of government employment information by simply poking around for an application programming interface (API) endpoint.
A screen shot of the hacked DOGE page. Source: Archive.today
Once discovered, they demonstrated the vulnerability by pushing two separate text posts to the doge.gov website.
“THESE 'EXPERTS' LEFT THEIR DATABASE OPEN,” read a second unauthorised post.
Information Age understands both messages stayed on the website for at least 12 hours before being removed – though archived versions of the site managed to snap a record of the blatant security blunder.
The hacker also found that despite using a .gov domain name, doge.gov ran on a Cloudflare Pages site rather than government servers.
“Feels like it was completely slapped together,” they said.
“[There were] tons of errors and details leaked in the page source code.”
Information Age has contacted DOGE for comment.
DOGE site ‘leaks’ sensitive info
While DOGE’s purported database issue has not led to any known data breaches at the time of writing, the doge.gov website was separately found to have leaked allegedly classified material.
One of the site’s main features is a “workforce” page which allows users to “trace your tax dollars through the bureaucracy” by offering a clear look at head counts, budgets, average salaries and employee ages across all federal agencies.
Hackers pointed out the obvious on the DOGE page. Source: Archive.today
As reported by the HuffPost, the site included classified budget and head count details from the National Reconnaissance Office, the federal agency that builds US intelligence satellites.
“Currently people are scrambling to check if their info has been accessed,” said an anonymous Defense Intelligence Agency employee.
The doge.gov website meanwhile claimed to exclude information from US intelligence agencies, and on social media site X, DOGE upheld the leaked data was already publicly available.
Staff seeks troves of data
Earlier this month, DOGE staff demanded access to a US Treasury Department system which is responsible for managing trillions of dollars in government payments.
Though this access was temporarily blocked by a US judge, ABC News reported Monday that the taskforce has since sought access to an Internal Revenue Service system that holds personal tax details for millions of US citizens.
With pundits already concerned over DOGE’s aggressive push for government data, the taskforce’s shaky website launch has attracted further criticism over its approach to security.
“No one should be happy that the DOGE team – the same folks who randomly published classified US security information online today – wants access to your bank account and social security numbers,” wrote former US Secretary of Transportation, Pete Buttigieg.
At the time of writing, unofficial tracking site doge-tracker.com reported some $77 billion (US$49 billion) in “taxpayer dollars saved” by DOGE’s efforts, while a “savings” page on the doge.gov website stated “receipts coming over the weekend!”