UPDATE: The data weren’t stolen, but leaked. See this report.
Original report:
The home page of their web site says, “We keep your information private,” but Heritage Foundation has seemingly joined the ranks of those who failed to keep private information private. Tim Starks reports that the think tank had a data breach this week in which hackers stole sensitive emails and donor information.
Worryingly, Starks reports that some of those stolen files may have since started surfacing on the Internet.
“We experienced a malicious, unauthorized data breach of six-year-old documents on an external server that appear to contain personal information of private donors, who we are notifying,” said spokesman Wesley Denton. “We are unable to verify the authenticity of files circulated online.”
Read more on Politico.
All the juiciest docs from the recent Heritage Foundation data leak: [redacted as per site’s policy not to link to such data dumps].
And just so we’re clear, it wasn’t a hack. Heritage backed up an email archive to a PUBLIC Amazon server and it got downloaded. Big surprise.
They screwed up. Big time.
Enjoy
I’ve emailed Heritage Foundation to ask them to confirm or deny that the archive was on a public server. And to ask whether they will now confirm the authenticity of those documents. I’ll update with a new post if/when I get a response or when I give up waiting – whichever comes first.
Cool. I understand why you’re redacting the link. The original link, that is now dead (because Heritage took it down), was thf_media.s3.amazonaws.com/Debuhr/backup.zip
That’s where they had it uploaded to.
To help with authenticity, here’s a twitter post from August 28th: https://twitter.com/jfuller290/status/637436942133559296
That’s a full five days before Heritage made the announcement.
New post: http://www.databreaches.net/heritage-foundation-wasnt-attacked-they-leaked-their-own-data/.
Cheers, and thanks again.
Thank you for that additional info/evidence. I still haven’t heard back from Heritage, but I will incorporate what you’ve provided when I write it up.