GiveSendGo, an alternative crowdfunding platform that came to the rescue after GoFundMe pulled the plug on fundraising for the Freedom Convoy, has suffered a vulnerability that exposed private data.
The company has since fixed the vulnerability.
Last week, GoFundMe deleted the fundraiser page of the truckers protest. As a result, the organizers started another fundraiser on alternative platform GiveGoSend which is a more free speech friendly alternative.
Like the one on GoFundMe, GiveGoSend quickly gained traction raising millions on the first day, despite suffering from server issues and the platform saying it suffered a massive DDoS attack.
However, according to TechCrunch, there was a vulnerability on the GiveGoSend page that potentially exposed the data of thousands of users.
The outlet was tipped off to the data vulnerability by a security researcher who found that the page’s Amazon-hosted S3 bucket was exposed. The S3 bucket contained more than 50GB of files that included the driver’s licenses and passports of users.
The researcher discovered the exposed S3 bucket by inspecting the Freedom Convoy’s fundraiser page’s source code.
TechCrunch contacted GiveSendGo about the data lapse and the issue was fixed shortly after.
While the data was exposed, there is not yet any evidence to suggest that data was obtained or used by any bad actors.
The post GiveSendGo error exposed user data appeared first on Reclaim The Net.
Reclaim The Net is a free speech and online privacy organization that defends our individual liberty by pushing back against big tech and media gatekeepers. Much of their work focuses on exposing digital tyrants and promoting free speech and privacy-friendly alternative online services. Visit reclaimthenet.org