Whoever built the Trump campaign website misconfigured the settings and allowed insider data to be accessed by the public.
The leak was uncovered and first reported by MacKeeper Security Researcher, Chris Vickery, who wrote Wednesday that the Trump site’s sever settings were “bungled” such that he could download a file of resumes from people applying to be interns.
“The file contained a glut of personal details, work/education history, and references,” Vickery writes.
He notes that he tried to do the responsible thing and reached out to the Trump campaign to inform them that they had failed to secure their data. He was ignored. Only after he contacted a writer at Databreeches.net was the leak finally fixed.
It is unclear how many days or weeks the data was exposed for; it is also unclear what other data was readily accessible.
“I’m convinced at this point that the Trump campaign has gleefully handed the reins of anything resembling organization to a gang of baboons, because baboons were determined to be the cheaper alternative,” one of the prospective interns whose information was leaked told Motherboard.
Vickery concludes:
Ultimately this was an entirely avoidable mistake on the part of Trump’s tech staff. We’ll probably never know how bad the exposure really was or what other files I could have found. I have zero confidence that the campaign will be honest about that in whatever response they put out publicly (that’s if they do actually acknowledge the situation).
Let’s just hope that Donald’s team learned a good lesson here, and, if he is elected, that they are capable of guarding national assets better than their website’s assets.
—
Sam Reisman (@thericeman) is a staff editor at Mediaite.
Have a tip we should know? tips@mediaite.com
