Security Flaw: DOGE Is So Transparent Anyone Can Edit Its Website

The official website of the Department of Government Efficiency (DOGE), led by Elon Musk, has a major security flaw that allows hackers to easily edit its web pages, 404 Media reports.

Two coders discovered the flaw and shared their findings with the publication. According to them, the doge.gov website was built on Cloudflare pages hosted on non-government servers, and the database it pulls information from can be accessed easily. 

One of the coders managed to access and edit two web pages that are currently live on the website. On one page, they added, “These experts left their databases open,” and on another, they wrote, “This is a joke of a .gov site.”

(Credit: doge.gov)

(Credit: doge.gov)

Perhaps ironically, DOGE is charged with “modernizing Federal technology and software to maximize governmental efficiency and productivity.” In his executive order establishing DOGE, President Trump renamed the existing United States Digital Service to the United States DOGE Service (USDS). The original USDS was founded in 2014 by former President Barack Obama following the buggy rollout of healthcare.gov. Obama pitched it as a “small team of America’s best digital experts [who] will work in collaboration with other government agencies to make websites more consumer-friendly, to identify and fix problems, and to help upgrade the government’s technology infrastructure.”

Under Musk, however, the DOGE team has largely been reviewing congressionally approved funding and making cuts to programs they don’t like. DOGE and Trump say the cuts are to programs rife with fraud, but neither has provided evidence of actual fraud.

When asked by a reporter about transparency, Musk said all of DOGE’s activities were posted to X and on the DOGE website. “All of our actions are maximally transparent,” Musk said. “In fact…I don’t know of a case where an organization has been more transparent than the DOGE organization.”

According to the Wayback Machine, however, the DOGE website was pretty sparse until Musk made those statements. The site is now basically a dupe of the DOGE X account, which seems largely concerned with axing DEI-related programs.

As 404 Media notes, this is the second time in a week that a government website was spotted with major flaws. On Wednesday, waste.gov was found to have placeholders borrowed from a WordPress template. The website was later hidden behind a password. 

SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.”,”first_published_at”:”2021-09-30T21:22:09.000000Z”,”published_at”:”2025-01-23T16:44:01.000000Z”,”last_published_at”:”2025-01-23T16:43:49.000000Z”,”created_at”:null,”updated_at”:”2025-01-23T16:44:01.000000Z”})” x-show=”showEmailSignUp()” x-intersect.once=’window.trackGAImpressionEvents(“pcmag-on-site-newsletter-block”, “SecurityWatch”, $el)’ readability=”32.838445807771″>

Like What You’re Reading?

Sign up for SecurityWatch newsletter for our top privacy and security stories delivered right to your inbox.

This newsletter may contain advertising, deals, or affiliate links.
By clicking the button, you confirm you are 16+ and agree to our
Terms of Use and
Privacy Policy.
You may unsubscribe from the newsletters at any time.

About Jibin Joseph

Contributor

Jibin is a tech news writer based out of Ahmedabad, India. Previously, he served as the editor of iGeeksBlog and is a self-proclaimed tech enthusiast who loves breaking down complex information for a broader audience.

Read Jibin’s full bio

Read the latest from Jibin Joseph