Data Protection Academy » Data Protection News » Data breach WeAct Campact

A person holds five euro notes in his hand. A symbolisation for the data leak at WeAct Campact

Data breach WeAct Campact

Date: 18.07.2019

Responsible body: Petition platform WeAct of the organisation Campact

Type of data breach: List of petition signatories can be viewed due to technical error

According to the Campact itself, due to a technical error, lists of all petition signatories could be viewed without a password, as long as the person accessing the lists had the exact URL to the respective petition. The technical error occurred because the organisation wanted to ensure a higher level of data protection. So Campact decided to move the WeAct software from Amazon servers to their own servers. The open source software intended for this was not fully suitable for this. Files that were previously marked as private were now publicly accessible. According to the organization, no accesses by third parties were registered.

Categories of data:  Address data

Country: Germany

Persons concerned: 2 million WeAct users

Fines: unsettled

SourceCity of Bremerhaven

Back to the overview of the data breaches

Caroline Schwabe

This might interest you too:

Data breach at Klarna: Third party data visible

Entering a postcode and e-mail was sufficient to view third party data. The autofill function is to blame.

Data breach Microsoft customer records leaked

In December 2019, 250 million support requests to Microsoft were available online for two days. Security researchers reported the data breach to Microsoft.

British government published private addresses of stars

The British government publishes the addresses of around 1000 celebrities, politicians and private individuals who receive the traditional New Year's honours.