A website devoted to disseminating leaked data says it was given the names and personal details of over 92,000 donors which were leaked online after a fund-raising site for “Freedom Convoy 2022” was hacked.
On Monday, GiveSendGo’s website said it was “under maintenance,” hours after the site was hijacked and redirected to a page believed to be controlled by the hackers, which no longer loads.
The GiveSendGo front page was briefly replaced by a clip from the movie “Frozen” and a manifesto accusing it of supporting “an insurrection in Ottawa.” The page also contained a link to a file containing tens of thousands of records of what was described as “raw donation data” about those who donated to the Freedom Convoy.
The manifesto read:
“Attention GiveSendGo grifters and hatriots. You helped fund the January 6th insurrection in the U.S. You helped fund an insurrection in Ottawa. In fact you are committed to fund anything that keeps the raging fire of misinformation going until it burns the world’s collective democracies down. On behalf of sane people worldwide who wish to continue living in a democracy, I am now telling you that GiveSendGo itself is now frozen.”
However, according to Reuters, in an email on Monday, a GiveSendGo spokesperson said that the site was still soliciting donations to the “Freedom Convoy 2022” campaign and that donations were not being refunded.
The spokesperson did not immediately comment on the hack itself. GiveSendGo had previously asserted it was not subject to a Canadian court order that froze these funds.
A short time later, the nonprofit leak site Distributed Denial of Secrets (DDoS) said it had received 30 megabytes of donor information from GiveSendGo, including driver’s licenses, passports, military IDs, visas, birth certificates, insurance cards, and more.
Analysis of the leaked data by extremism researcher Amarnath Amarasingam shows that while the majority of donors come from the U.S. (56%) and Canada (29%), there are also thousands of donations from overseas, including the U.K., Australia, and Ireland.
The breach is separate from an earlier security lapse, in which GiveSendGo left exposed to the internet an Amazon-hosted S3 bucket storing over a thousand identity documents, according to journalist Mikael Thalen, who first reported the data breach overnight.
DDoS said that because the donor information contained sensitive personal information, it would not be making the data available publicly but would instead be offering it to “journalists and researchers.”