You may have missed it amongst the many news reports of the denial-of-service attacks troubling Labour, but that wasn’t the only reason the UK political party made the cybersecurity headlines this week.
In fact, less than 12 hours before Labour went public about the “sophisticated” (ahem…) attack which knocked its website offline and allegedly impacted campaigning for the upcoming General Election, The Times reported on a potential data breach involving the party.
According to The Times, some donors’ names, and time and size of their donation to the party were easily accessible:
Labour published the names of people who have donated to the party through its website thanks to an apparent security flaw.
In most cases the data included donors’ first names, the amount they contributed and the time they made the donation. Some full names were also published.
The information could be accessed using any web browser and without security checks.
That doesn’t sound good, and BBC News shared some more details:
The Times has revealed that Labour exposed the names of people who had donated money via an online tool.
The details could be found via an RSS web feed generated by the site’s code, which most browsers provide a way to inspect.
In most cases the information was limited to the donors’ first names and the sums given.
Support the originator by clicking the read the rest link below.
