User Data Still Accessible on Freedom Convoy Donation Website

GiveSendGo, the donation service being used by the Canadian trucker protest known as the “Freedom Convoy” still has not secured user data on its site despite claiming to do so.

On February 9, TechCrunch received information that an exposed Amazon-hosted S3 bucket containing over 50 gigabytes of files, including passports and driver licenses that were collected during the donation process was found on the source code of the Freedom Convoy’s webpage on GiveSendGo.

According to DDoSecrets and the Daily Dot, the files are still accessible and GivedSendGo only removed the ability to view an index of the storage bucket but did not block access. 

A security researcher had previously had already warned GiveSendGo about its S3 bucket back in late 2018 but there were no statements on whether it had been fixed.

GiveSendGo said that reports on its vulnerabilities were fake news and GiveSendGo co-founder Jacob Wells denied that they collected IDs.

“We have never and do not collect donors’ IDs. We are looking at our legal recourse options for what looks to be an intentional hit job,” said Wells.

© Fourth Estate® — All Rights Reserved.
This material may not be published, broadcast, rewritten or redistributed.