GiveSendGo, an alternative crowdfunding platform that came to the rescue after GoFundMe pulled the plug on fundraising for the Freedom Convoy, has suffered a vulnerability that exposed private data, TechCrunch alleges.
The company has since fixed the vulnerability, according to the tech blog.
Last week, GoFundMe deleted the fundraiser page of the truckers' protest. As a result, the organizers started another fundraiser on GiveSendGo, a more free-speech-friendly alternative platform.
Like the one on GoFundMe, the GiveSendGo fundraiser quickly gained traction, raising millions on the first day, despite server issues and the platform saying it suffered a massive DDoS attack.
However, according to TechCrunch, there was a vulnerability on the GiveSendGo page that potentially exposed the data of thousands of users.
The outlet was tipped off to the data vulnerability by a security researcher who found that the page’s Amazon-hosted S3 bucket was exposed. The S3 bucket contained more than 50GB of files that included the driver’s licenses and passports of users.
The researcher discovered the exposed S3 bucket by inspecting the source code of the Freedom Convoy's fundraiser page.
TechCrunch says it contacted GiveSendGo about the data lapse and the issue was fixed shortly after.
There is no evidence to suggest that the data was obtained or used by any bad actors.