Nearly a million non-profit donors' details left exposed in unsecured database

Close to a million records containing personally identifiable information belonging to donors that sent money to non-profits were found exposed in an online database.

The database is owned and operated by DonorView – provider of a cloud-based fundraising platform used by schools, charities, religious institutions, and other groups focused on charitable or philanthropic goals.

Infosec researcher Jeremiah Fowler found 948,029 records exposed online including donor names, addresses, phone numbers, emails, payment methods, and more.

Manual analysis of the data revealed what appeared to be the names and addresses of individuals designated as children – though it wasn't clear to the researcher whether these children were associated with the organization collecting the donation or the funds' recipients.

Another document seen by Fowler revealed children's names, medical conditions, names of their attending doctors, and information on whether the child's image could be used in marketing materials – though in many cases this was not permitted.

In just a single document, more than 70,000 names and contact details were exposed, all believed to be donors to non-profits.

Neither Fowler nor The Register has received a response from the US-based service provider, though Fowler said it did secure the database within days of him filing a disclosure report.

DonorView claims to have more than 150,000 users, including major organizations such as Habitat for Humanity and Meals on Wheels America.

Although the database is now secure, Fowler noted that the length of time for which the information was exposed couldn't be determined – nor was it clear if the data had been accessed by unauthorized parties.

The finding illustrates the importance of keeping databases secure, and will likely raise alarm over the potential for phishing attacks against donors whose information was exposed.

"Any data incident that exposes donor information is a significant concern," argued Fowler. "Hypothetically, criminals would have enough information to contact donors and pose as a charity or cause donors have previously supported and are passionate about, to initiate a fraudulent donation request.

"The database even contained donor templates that could be modified and sent to prospective donors. Criminals could potentially create similar email addresses and contact donors to update their payment information. In such situations, the criminal could then ask for credit card and banking information or additional personal data.

"With insider knowledge and the donor's history details, the victim would have no immediate reason to suspect potential fraud." ®