Donation site for Ottawa "Freedom Convoy" exposed user data
Date:
Wed, 09 Feb 2022 20:00:33 +0000
Description:
GiveSendGo failed to properly secure one of its Amazon S3 buckets which led
to donor data being exposed online.
FULL STORY ======================================================================
People who donated to support the truckers currently participating in
Canada's Freedom Convoy could have had their passport and driver licenses photos exposed due to a security lapse on the donation site GiveSendGo.
While the protest that began in January initially accepted donations using GoFundMe , the crowdsourcing giant decided to freeze around $7.9m in
donations following police reports of violence and harassment in Ottawa.
As a result, the truckers behind the convoy decided to switch to the Boston-based donation service GiveSendGo as an alternative. According to the company, it processed over $4.5m in donations for the Freedom Convoy during its first day of hosting the Adopt a Trucker campaign.
In addition to this huge influx of donations, GiveSendGo also saw loads of malicious traffic to its site according to co-founder Jacob Wells who explained the situation further in a press release , saying:
Along with the tremendous showing of support, there has also been plenty of push back. Weve seen nearly 10 million bots trying to overwhelm our servers
in just the past two hours. Though this has caused issues for the platform,
we will not let it stand in the way of providing a safe and effective means
of fundraising for our campaign owner across the globe. Exposed S3 bucket
As reported by TechCrunch , a person working in the security industry
informed the news outlet that they had discovered the web address for an exposed Amazon S3 bucket while viewing the source code of the Freedom
Convoy's page on GiveSendGo.
This exposed S3 bucket contained over 50GB of files including over a thousand pictures of passports and driver licenses collected from donors. These documents were likely submitted to GiveSendGo during the payments process as some financial institutions require this to be done before a payment can be processed. Read more
Petabytes of data are being left exposed online
Unsecured cloud database leaked personal information of over 100m US
citizens
Millions of seniors hit by major data breach
After learning of the exposed S3 bucket and the personal information it contained, TechCrunch contacted Wells and it was secured a short time later. While it's not known how long the bucket was publicly accessible online, a text file left behind by a security researcher from September of 2018 warned that the bucket was not properly configured.
As countless businesses have left their databases unsecured and S3 buckets exposed online over the years, consumers can proactively protect their personal data online by investing in identity theft protection . We've also featured the best endpoint protection software and the best malware removal software
Via TechCrunch
======================================================================
Link to news story:
https://www.techradar.com/news/donation-site-for-ottawa-freedom-convoy-exposed -user-data/
--- Mystic BBS v1.12 A47 (Linux/64)
* Origin: tqwNet Technology News (1337:1/100)