A leak site says it has received a cache of information, including about donors to the Ottawa truckers’ Freedom Convoy protest, after fundraising site GiveSendGo was targeted by hackers overnight.
On Monday, GiveSendGo’s website said it was “under maintenance,” hours after the site was hijacked and redirected to a page believed to be controlled by the hackers, which no longer loads. The redirected page condemned the truckers who descended on Canada’s capital to oppose mandatory COVID-19 vaccinations, causing widespread disruption to traffic and trade for more than a week.
The page also contained a link to a file containing tens of thousands of records of what was described as “raw donation data” about those who donated to the Freedom Convoy.
A short time later, non-profit leak site Distributed Denial of Secrets said it had received 30 megabytes of donor information from GiveSendGo, including self-reported names, email addresses, ZIP codes, and IP addresses for “every campaign” run on the site.
Distributed Denial of Secrets, a site known for hosting sets of leaked data involving far-right groups, said that the data would only be provided to researchers and journalists.
The breach is separate from an earlier security lapse, in which GiveSendGo left an Amazon-hosted S3 bucket storing over a thousand identity documents exposed to the internet, according to journalist Mikael Thalen, who first reported the data breach overnight.
The Boston, Massachusetts-based GiveSendGo became the primary donation service for the “Freedom Convoy” last month after GoFundMe halted the crowdsourcing campaign and froze millions of dollars in donations, citing police reports of violence across Ottawa. Over the weekend, a Canadian court issued an order halting access to the funds collected by GiveSendGo, which the company said it would defy.
Earlier in the month, the protesters raised more than $8 million for the Freedom Convoy.
GiveSendGo co-founder Jacob Wells did not respond to a request for comment.