In a brewing controversy, whistleblower site Wikileaks.org has published personal information belonging to more than 51,000 donors and supporters of former Minnesota Senator Norm Coleman that it says was leaked because Coleman's campaign Web site was not properly secured.
The information posted by Wikileaks, which has been at the center of controversy before, included the names, street addresses, e-mail addresses, phone numbers and, in the case of 4,721 individuals, the last four digits of their credit card numbers as well.
In a statement on its site, Wikileaks said it was publishing the information to substantiate rumors that sensitive information belonging to thousands of Coleman's supporters had been floating around the Internet since January 28 "as a result of sloppy handling by the campaign."
Wikileaks said the decision to publish the information was prompted by claims from Senator Coleman's campaign that no data had been compromised, and by its failure to apologize for the "initial leak" or its subsequent "cover-up."
The statement said that Coleman's campaign had known about the breach since January but had failed to notify anyone of the potential compromise of their personal data.
It claimed that Senator Coleman collected detailed information on every supporter and Web site visitor and retained unencrypted credit card information from donors, including their security codes, on the campaign's Web site.
The statement said that Wikileaks had so far sent out two notifications to Coleman's supporters "as a courtesy" prior to a further analysis of the data this week. "Wikileaks will release other material from the extensive Coleman database once those affected have time to be informed," Wikileaks said in the statement.
A copy of the original letter, from the anonymous individual who tipped Wikileaks off to the breach, suggested that the information had not been illegally obtained but rather was exposed on the Coleman campaign's Web site because of "incompetence."
The whistleblower's letter pointed to an earlier blog post by technology consultant Adria Richards, explaining how she had in January first discovered a database file sitting in a directory on Coleman's Web site that anyone could download.
Richards said on her blog that she stumbled upon the problem when looking into reports in January about Coleman's campaign site crashing because of heavy traffic. In her bid to find out what was going on, she said she entered the IP address for Coleman's Web site into her browser and immediately the Web site's directories were exposed in plain text.
Richards said on her blog that she found the database while "tooling around" the listing of exposed Web directories on Coleman's site.
She said the problem was the result of the Web server not being "told to restrict directories from the Web." Richards said that she did not personally download any of the files, though she said she posted screen shots of the directory listings on two other blogs.
In response to a request for comment, a spokesman for Coleman today said in a statement that the information had been stolen. "We believe a federal crime has been committed," it said, adding that the campaign intended to "fully pursue all legal options available" and was working with local, state and federal authorities to identify those responsible for the breach.