Limited distribution: GiveSendGo part II (2.5 GB)
Photos and scans of IDs, passports, visas, Driver's Licenses, and military ID cards of Givesendgo fundraisers that were left on an unsecured Amazon S3 bucket
Today we are listing over 1,000 files consisting of identification cards (including driver's licenses, passports, military IDs, visas, birth certificates, insurance cards and more) uploaded onto GiveSendGo's publicly accessible Amazon-hosted S3 bucket in a sub-directory apparently labeled "legacy/stripe_document". The IDs seem to belong to crowdfund campaign creators, rather than their donors.
The Daily Dot reports:
After being alerted to the security lapse by TechCrunch, GiveSendGo appeared to fix the issue. But the Daily Dot learned on Thursday that sensitive data is still accessible.
A source with access to the data explained to the Daily Dot that GiveSendGo appeared to only remove the ability to view an index of the storage bucket’s contents but did not disable direct access to the files themselves.
As the majority of the files on the Amazon S3 bucket are merely part of GiveSendGo's website, we are excluding them from the release. A tiny number of files appear unrelated to the others (such as a lighthouse or videogame screenshot), but are included for completeness for researchers wishing to look into how GiveSendGo functions.
As this data consists largely of PII, it is limited distribution and available only upon request. Journalists and researchers with a record of public interest publishing should write to us with a research proposal to request access to this data.
It is important to note this data is unrelated to the February 2021 breach of GiveSendGo. Last year’s release included donor detail linking names to individual amounts and donation pages:
broken down by campaign and includes names, donation amounts, comments and email addresses. The last date in the cache appears to be donations for February 21, 2021.
Last year’s release is also limited distribution, due to containing PII for individuals unrelated to extremism or wrongdoing.
More info at:
February 2021 GiveSendGo wiki page and the
February 2022 GiveSendGo 2.0 wiki page.