Share this page!

Mikael Thalen Profile picture
Twitter logo
Feb 10 7 tweets 3 min read
NEW: GiveSendGo, the crowdfunding service used by the 'Freedom Convoy,' claimed this week that it fixed a leak exposing user data.

But a security researcher has found exposed pics of credit cards, birth certificates, military IDs, SSN cards, & passports.

dailydot.com/debug/givesend…
Earlier this week TechCrunch's @zackwhittaker reported that GiveSendGo had an exposed Amazon S3 bucket containing users' private

The company appeared to fix the issue. techcrunch.com/2022/02/08/ott…
A source explained to me that GiveSendGo merely disabled the ability to view an index of the buckets' contents. The actual files themselves were still exposed.

dailydot.com/debug/givesend…
I reached out to GiveSendGo co-founder Jacob Wells, who claimed that reports about the company's leaky server was "fake news" and possibly part of an "intentional hit job."

dailydot.com/debug/givesend…
Wells argued that his site did not ask users to upload photos of items such as SSN Cards and suggested that such an action would be the fault of the user.

I sent Wells numerous links to photos of an SSN Card, a military ID, and a Turkish passport.

dailydot.com/debug/givesend…
It appears the data is now being hosted by the journalism collective DDoSecrets. Given the sensitive nature of the data, only journalists and researchers will be permitted to view it
Security issues aren't the only problems facing GiveSendGo today.

The Ontario government petitioned a court to freeze the truckers convoy's account.

globalnews.ca/news/8610512/g…

• • •

Missing some Tweet in this thread? You can try to force a refresh
 

Keep Current with Mikael Thalen

Mikael Thalen Profile picture

Stay in touch and get notified when new unrolls are available from this author!

Read all threads

This Thread may be Removed Anytime!

PDF

Twitter may remove this content at anytime! Save it as PDF for later use!

Try unrolling a thread yourself!

how to unroll video
  1. Follow @ThreadReaderApp to mention us!

  2. From a Twitter thread mention us with a keyword "unroll"
@threadreaderapp unroll

Practice here first or read more on our help page!

More from @MikaelThalen

Mikael Thalen Profile picture
Jan 21
NEW: A Capitol rioter accused of beating a cop with a baseball bat has announced a new 'free-speech' social media site from behind bars: 'Liberty Centric.'

The site promises no censorship, bans, or 'fake' fact checking. I quickly found issues.

dailydot.com/debug/capitol-…
The site was quietly launched to little attention last year by Jake Lang, an accused rioter who is currently in jail in D.C.

The site's official announcement came this week with the help of the conspiratorial blog The Gateway Pundit.

dailydot.com/debug/capitol-…
The site's Terms of Use are a single paragraph and only asks users to avoid illegal activity and to "Love God with all your Heart."

dailydot.com/debug/capitol-…
Read 5 tweets
Mikael Thalen Profile picture
Nov 6, 2021
Reviewing a trove of more than 600 hours of police helicopter surveillance footage leaked to DDoSecrets.

Footage includes video from the Dallas Police Department and the Georgia State Patrol.

wired.com/story/ddosecre…
This screenshot from leaked police helicopter surveillance video, believed to be from the Georgia State Patrol, shows how far in the cameras can zoom.

Redacted these two seemingly random individuals in this shot who were totally unaware that they were being watched. Image
Another screenshot from the more than 600 hours of helicopter surveillance video leaked to DDoSecrets.

This appears to show the Dallas Police Department canvasing a neighborhood, zooming in on a seemingly random individual sunbathing in their backyard. Image
Read 4 tweets
Mikael Thalen Profile picture
Oct 21, 2021
NEW: I spoke with the hacker who discovered that Trump's new social media platform 'TRUTH Social' was openly accessible online.

Here's how they found it: dailydot.com/debug/hacker-t…
The hacker, who asked not to be identified but claimed affiliation with the hacking collective Anonymous, first noticed the name of the company behind TRUTH Social's app: T Media Tech LLC.

dailydot.com/debug/hacker-t…
The hacker then used Shodan, a search engine that finds servers exposed to the open web, to look for any domains linked to T Media Tech LLC.

dailydot.com/debug/hacker-t…
Read 9 tweets
Mikael Thalen Profile picture
Oct 4, 2021
NEW: Hackers operating under the banner of Anonymous have announced a third data leak from the web hosting company Epik.

The leak allegedly contains more bootable disk images as well as a data backup with 'private documents' from the Texas GOP.

dailydot.com/debug/anonymou…
This latest leak comes just days after a 300GB cache containing bootable disk images of Epik's servers were released online, which exposed at least 59 API keys for services such as Twitter, Coinbase, and PayPal.

dailydot.com/debug/anonymou…
The first data leak came on Sept. 13 and exposed 180GB worth of sensitive data from Epik, including customer names, passwords, addresses, credit cards, and more.

dailydot.com/debug/epik-hac…
Read 4 tweets
Mikael Thalen Profile picture
Sep 29, 2021
BREAKING: The hacking collective Anonymous has announced another data leak from the web hosting company Epik.

Data includes full disk images of Epik's server infrastructure & exposes at least 59 API keys for Twitter, Coinbase, PayPal, & more.

Story here: dailydot.com/debug/anonymou…
The leak is part 2 of what Anonymous has dubbed “Operation EPIK FAIL.”

The initial leak was made earlier this month and exposed “a decade’s worth” data.

More here: dailydot.com/debug/epik-hac…
Epik CEO eventually responded to the breach of his web hosting company in a 4+ hour long live video conference, where he prayed, rebuked demons, & warned that the hacked data had been cursed and could cause hard drives to burst into flames.

dailydot.com/debug/epik-ceo…
Read 8 tweets
Mikael Thalen Profile picture
Sep 27, 2021
NEW: Data from the Oath Keepers has been leaked online after the militia group was allegedly targeted by a hacker.

Data includes chat logs, emails, and information on the group's members and donors.

dailydot.com/debug/oath-kee…
The leaked Oath Keepers data was provided to the journalism & transparency collective DDoSecrets.

DDoSecrets co-founder Emma Best (@NatSecGeek) told the Daily Dot that the data sheds new light on the inner-workings of the militia group.

dailydot.com/debug/oath-kee…
The data includes messages from a Rocket.Chat server, where discussions were held by members on everything from operational security to Jan. 6.

Messages range from March to Sept 2021. An older archive details messages made in June 2020.

dailydot.com/debug/oath-kee…
Read 8 tweets

Did Thread Reader help you today?

Support us! We are indie developers!

This site is made by just two indie developers on a laptop doing marketing, support and development! Read more about the story.

Become a Premium Member ($3/month or $30/year) and get exclusive features!

Become Premium

Don't want to be a Premium member but still want to support us?

Make a small donation by buying us coffee ($5) or help with server cost ($10)

Donate via Paypal

Or Donate anonymously using crypto!

Ethereum

0xfe58350B80634f60Fa6Dc149a72b4DFbc17D341E copy

Bitcoin

3ATGMxNzCUFzxpMCHL5sWSt4DVtS8UqXpi copy

Thank you for your support!

Like this author's thread?

Get emails when @MikaelThalen has new unrolls!

Check out other threads from @MikaelThalen!

Read all threads by @MikaelThalen

:(