Advertisement
Tech

GiveSendGo hit with yet another data breach as more donors’ personal info exposed

The Christian crowdfunding website is hit with yet another hack and leak.

Photo of Mikael Thalen

Mikael Thalen

givesendgo homepage

Hackers have once again leaked data on donors to the Freedom Convoy fundraiser hosted by the Christian crowdfunding website GiveSendGo.

Featured Video

The data, provided by the hacker to the transparency and journalism collective DDoSecrets, reveals all names and donation amounts provided to the campaign as of Feb. 23 as well as limited credit card data.

A hacker had previously leaked a downloadable file on the identities of more than 92,000 donors on Feb. 13. Visitors to GiveSendGo’s website were redirected to a rogue domain that not only offered a downloadable file of the data but a long manifesto set to music from the Disney film Frozen II.

The initial leak came just three days after the Daily Dot was alerted to serious security issues on GiveSendGo’s website that saw private documents such as passports and driver’s licenses openly exposed. Despite informing the company of the vulnerabilities uncovered by security researchers, GiveSendGo co-founder Jacob Wells called the issue “fake news.”

Advertisement

Just two days later on Feb. 15, an even more devastating leak revealed the entire donor history of every individual who had ever used GiveSendGo as well as limited credit card data.

The incident finally caused GiveSendGo, which had remained quiet on the issues up until that point, to take down its website and release a statement regarding the breach. The company tried to reassure users by claiming that it had “performed many security audits to ensure the security of the site before bringing it back online.”

But the new leak not only reveals information on the latest donors but more of their financial data as well, including the last four digits of credit cards and their expiration dates. Analysis of the data also shows that the fundraiser has received more than 10,000 new donations since the initial leak on Feb. 13.

While the initial leak showed the campaign had been given roughly $9,910,144, the new data shows that the Freedom Convoy has now received over $10,629,762. Refund amounts also changed from around $17,000 to nearly $41,000 as well.

Advertisement

The hack and leak, which DDoSecrets is only providing to journalists and researchers given the sensitivity of the data, reveals that GiveSendGo’s continued security woes have done little to deter the campaign’s supporters.

The Daily Dot reached out to GiveSendGo to ask if it was aware of the hack and what steps it had taken following its previous security incidents to protect users’ data but did not hear back.

The hack is just one of several targeting the Freedom Convoy movement in Canada, whose aim is to blockade roads in an effort to have vaccine mandates and other health measures repealed.

A similar campaign on GiveSendGo known as “Adopt a Trucker” has also had donor data leaked. Not only that, the campaign’s founder Chris Garrah had his emails hacked and leaked earlier this week as well.

Advertisement

Garrah told the Daily Dot in an email that he wasn’t “much of an email person or computer person” and was not concerned about the hack. Hours later, the hacker, using Garrah’s email, responded to the Daily Dot to reveal that he still had access to Garrah’s account.

“Pardon my intrusion into the conversation,” the hacker wrote. “Chris has definitely not secured his email!”


Read more of the Daily Dot’s tech and politics coverage

Nevada’s GOP secretary of state candidate follows QAnon, neo-Nazi accounts on Gab, Telegram
Court filing in Bored Apes lawsuit revives claims founders built NFT empire on Nazi ideology
EXCLUSIVE: ‘Say hi to the Donald for us’: Florida police briefed armed right-wing group before they went to Jan. 6 protest
Inside the Proud Boys’ ties to ghost gun sales
‘Judas’: Gab users are furious its founder handed over data to the FBI without a subpoena
EXCLUSIVE: Anti-vax dating site that let people advertise ‘mRNA FREE’ semen left all its user data exposed
Sign up to receive the Daily Dot’s Internet Insider newsletter for urgent news from the frontline of online.
Advertisement

 
The Daily Dot