Key Takeaways:
- A fundraising platform purportedly experienced a hack .
- A website dedicated to publicising hacked data claims it provided reams of information about donations to a Canadian movement opposed to pandemic health precautions.
- DDoS stated on its website that it has 30 megabytes of donor information from the Christian fundraising site GiveSendGo in the United States, including names, email addresses, ZIP codes, and internet protocol addresses.
- The website appeared to be down. Visitors to the website were confronted with a message stating that it was undergoing maintenance and that “we will be back very soon.”
In an apparent hack, GiveSendGo, a crowdfunding website meant to raise funds for the “Freedom Convoy” demonstration planned by Canadian truckers, was taken down. In addition, information about purported donors was leaked online.
The funding of Canadian protests has become a hot topic as authorities in Ottawa and elsewhere try to stop rallies led by truckers who have been blocking towns and border crossings across the country, demanding Prime Minister Justin Trudeau’s resignation.
On Monday, a GiveSendGo spokesperson said in an email that the site was still accepting donations for the “Freedom Convoy 2022” campaign and that money would not be reimbursed. The representative did not immediately respond to questions about the hack.
As daily item writer Mikal Thalen first noticed on Sunday evening, the GiveSendGo domain began redirecting to a new domain โ GiveSendGone[.]wtf โ and showing a video loop of Disney’s Frozen. The video was accompanied by text that slammed the fundraising site and linked it to the US insurrection of January 6.
GiveSendGo, which touts itself as the “first free Christian crowdfunding platform,” had already established itself as the go-to site for soliciting funds to defray legal costs for Trump supporters accused of taking part in the Capitol insurgency.
Following the launch of a broader platform, he swiftly rose to the top of the fundraising list for the so-called “Freedom Convoy.” Police accusations of violence and other unlawful actions prompted GoFundMe to withhold millions of dollars in donations from truckers. Canadian banks have already started freezing funds associated with the convoy, with TD blocking two personal accounts totalling more than $1 million in donor funds.
A security expert informed TechCrunch that an Amazon S3 bucket โ a cloud storage service used to host information online โ had been configured insecurely as donors rushed to the new platform. As a result, gigabytes of Freedom Convoy donor data, including photographs and passport scans, were exposed by GiveSendGo.
After TechCrunch alerted GiveSendGo’s management team about the cloud storage vulnerability, it was supposedly addressed last week, and the latest hack looks to be a fresh site compromise.
The data leak hosting website Distributed Secrets Denial received the donor information, which was restricted to journalists and researchers due to sensitive personal information.
The phrase “Thanks for visiting GiveSendGo.com” is now displayed on the GiveSendGo home page. We’re currently unavailable due to server maintenance and updates. We are constantly improving our platform to make it the greatest fundraising tool available on the internet. Thank you for your time and consideration. Please revisit this page later.”
The hackers claimed to have acquired a list of campaign funders and shared it with journalists.
“I have the whole #GiveSendGo donor list,” disgraced former radio DJ Dean Blundell tweeted on Monday morning. Just wanted to double-check with legal. Nerds are in charge.
According to Reuters, “Distributed Denial of Secrets” declared on its website that it obtained 30 megabytes of donor data from Christian fundraising site GiveSendGo, including names, email addresses, ZIP codes, and internet protocol addresses.
Right-wing organisations have previously used Distributed Denial of Secrets (DDoS) to host leaked data.
Due to the sensitive personal information contained in the donation information, DDoS stated that it would not make the data available to the general public but instead make it available to “journalists and researchers.”
It’s unclear how people like Dean Blundell got their hands on the information.
GiveSendGo representatives responded quickly to the verdict, tweeting, how one should Know this! Canada has no authority over how we manage our funds at GiveSendGo. Every dollar donated to a GiveSendGo campaign goes directly to the campaign’s beneficiaries, including The Freedom Convoy campaign.