An online database, housing close to a million records from a donor platform, surfaced without password protection. Jeremiah Fowler, a cybersecurity researcher, uncovered over 948,000 records in a 465GB database, likely linked to DonorView, a nonprofit software provider. vpnMentor validated Fowler’s discoveries, revealing leaked .xlsx, .csv, and PDF files containing sensitive data.
Data Breach: Unveiling a 465GB Exposition
The breached data, totaling over 465GB, encompasses payment method intricacies like PayPal and Venmo summaries, checks, and credit cards. Donation records reveal transaction specifics, completion statuses, and frequencies.
Additionally, Fowler notes that personally identifiable information, such as names, addresses, phone numbers, and emails, saturates various documents. One file alone exposes details of 70,000 potential donors.
Fowler emphasizes the potential for criminals to exploit the data, assuming false charity identities for fraudulent activities. The exposed information may fuel phishing scams, identity theft, and related crimes.
Legacy file formats, like Excel’s vulnerable .xls, heighten security risks. Urging a shift to secure .xlsx formats, Fowler reveals DonorView’s use of .xlsx files without additional encryption.
Charity donors are cautioned against sharing personal or payment information in response to suspicious emails or calls. The breach prompted the removal of public access to the database after notifying DonorView, though no official response has been received.
