Change.org springs a leak, exposes private e-mail addresses

  • 3 April 2015

As many as 40,000 addresses, presumably those of petitioners, may be affected.

by Dan Goodin - Apr 3, 2015
 
http://cdn.arstechnica.net/wp-content/uploads/2015/04/change-dot.org-email-leak-640x281.png
 
Online petitions service Change.org has a website bug that's disclosing as many as 40,000 e-mail addresses that presumably belong to current or former subscribers.
 
The disclosure bug was active at the time this post was being prepared and is exploitable using the search box provided on the site or via Google or Bing. The number of results returned ranged from 40,000 to 65,000, although not every result included an e-mail address. Still, a large number of them returned pages like the one above, which Ars has redacted out of fairness to the affected e-mail user.
 
Looks like it isn't really a breach, but people publicly posting their change.org emails online and getting their email addresses harvested.
It was a real breach; the links were directly from change.org.

Just take a look at the search results: https://www.google.com/#q=site:change.org+intext:unsubscribe%3Ftoken
Update:
Change.org officials said the total number of exposed e-mail addresses was 100. They also provided the following statement:
 
This is totally wrong. There were many more than 100 email addresses from their own search engine on their website (not on another website) exposed.

See here:

https://www.google.com/#q=site:change.org+intext:unsubscribe%3Ftoken

Still the same.
