Donald Trump's campaign website was found to have leaked personal information and resumes of interns. The resumes of potential interns were found to be stored on an insecure Amazon cloud server, which according to MacKeeper security researcher Chris Vickery, was easily accessible to anyone with knowledge of where to look for such vulnerabilities.
According to Vickery, the leak has now been fixed. However, data relating to potential interns, contained in the insecure server was believed to have been left exposed for weeks or more. Vickery said he had contacted Trump's campaign after discovering the data but got no response. Trump's campaign finally fixed the issue after the administrator of Databreaches.net "was able to contact the right people and get word of the leak to Trump's staff."
"If you want to be Commander in Chief of the mightiest nation on planet Earth, you can't have a leaky website. Until just days ago, Donald Trump's official website (www.DonaldJTrump.com) suffered from a serious misconfiguration that, among other things, was exposing campaign intern résumés to the public internet," Vickery said in a blog post.
Databreaches.net's admin wrote, "On Monday morning, both Chris and this blogger took to Twitter to tweet to Trump to try to get his attention. Despite a few attempts and retweets from helpful followers, that approach failed to get any response. Nor did tweets to major news outlets trying to get their attention succeed (probably because they had all suddenly realized that yes, maybe Clinton's health was an issue that they should have been covering)." She also added that she was eventually able to connect with the director of one of the insurance companies involved with Trump's campaign, who in turn "called the right people".
According to Vickery, the repository configuration of the Trump campaign's site was "pretty bad". While it was not possible to gain access to a list of all exposed files, one could still download them if they could guess the filename. Vickery said although he didn't dig too deep, it was possible that more documents could also have been exposed.
Trump campaign aspiring interns respond
One aspiring intern, who requested to remain anonymous and whose information was among those leaked told Motherboard, "Oh lol, so it wasn't even deliberate," he said. "Sucks that it was up for who knows how long, but my info is already in the hands of about every telemarketer and spam emailer in the world." He went on to criticise the campaign and said, "I'm convinced at this point that the Trump campaign has gleefully handed the reins of anything resembling organization to a gang of baboons, because baboons were determined to be the cheaper alternative."
Yet another internet, Yoon Joon So responded, "I'm pretty disappointed that this happened. The Trump campaign should know about the importance (of) secure emails better than anyone else."
Jonathan Sander, VP of Product Strategy at Lieberman Software told IBTimes UK, "The Trump website leak could have happened to anyone — anyone who is more concerned about business results than security. When you put it that way, it sounds as if the Trump campaign was extremely careless with this data, but the sad truth is that's not the exception, it is the rule.
"There's also a question here about the design of the system itself encouraging better security in how it walks the user through set up. In the end, this falls to the person hired by Trump to do this configuration, someone who may today be heading towards the iconic "you're fired" right from the man who made it famous."
Vickery said that this incident was "an entirely avoidable mistake on the part of Trump's tech staff", adding that the public "may never know how bad the exposure really was".
Vickery concluded, "I have zero confidence that the campaign will be honest about that in whatever response they put out publicly (that's if they do actually acknowledge the situation). Let's just hope that Donald's team learned a good lesson here, and, if he is elected, that they are capable of guarding national assets better than their website's assets."