https://entorb.net//wiki/index.php?action=history&feed=atom&title=Report_Data_LeakReport Data Leak - Revision history2026-05-06T11:26:09ZRevision history for this page on the wikiMediaWiki 1.43.1https://entorb.net//wiki/index.php?title=Report_Data_Leak&diff=4732&oldid=prevTorben: /* Conclusion */2024-07-18T13:40:05Z<p><span class="autocomment">Conclusion</span></p>
<p><b>New page</b></p><div>==My first reported data leak in July 2024==<br />
<br />
===Background===<br />
After donating some money to a charitable project via their website, I became curious about how they populated their footer banner displaying recent donations.<br />
<br />
===Findings===<br />
Using the browser internal developer tools, I quickly discovered the raw data in JSON format, sourced from an unprotected public API. To my surprise, the raw data:<br />
* included all (several thousand) donors, not just the recent ones.<br />
* contained the last names of donors, while the website banner only displayed first names.<br />
* revealed full names even for donors who had selected the "anonymous donation" checkbox, which resulted in just a flag in the JSON file.<br />
<br />
===Assumptions===<br />
I inferred that they:<br />
* Calculated the total sum of donations on the frontend, thus providing the complete list of donations to the user's browser.<br />
* Were unaware that all data provided to the frontend is visible to the user.<br />
* Did not implement the "need to know" principle.<br />
<br />
===Contact===<br />
I sent an email with the subject "Data Leak," including screenshots (only of my own data, of course) and a link to their public API. This resulted in a very quick and thankful response.<br />
<br />
===Responses===<br />
Their first attempt to fix the issues was to apply some authentication mechanism to the public API. However, this was useless, since it remained transparent to the browser and its developer tools.<br />
<br />
After pointing this out, I proposed the following fixes:<br />
* Calculate the sum of all donations on the backend.<br />
* Remove all unnecessary data from the JSON, especially last names.<br />
* Limit the JSON to just the latest 100 donations.<br />
* For anonymous donations, do not provide even the first name.<br />
These suggestions were all implemented very quickly.<br />
<br />
===Conclusion===<br />
* A good deed done feels good.<br />
* Fast and very thankful communication.<br />
* Quick solution time, once I had offered a proposal<br />
* Evidently poor IT sec basics on their implementation side.<br />
* As reward, they offered me an ice cream, in case I happen to be near the office ;-)</div>Torben