Campaign Gaffe: How a Voter Contact App Exposed Credentials and Code
UpGuard can now disclose that a code repository including exposed access credentials for Campaign Sidekick, a current voter contact, survey, and canvassing app used by Republican campaigns, has been secured. The code repository was within a “.git” directory which was configured for public access and hosted on Campaign Sidekick’s primary website. The directory contained source code and associated credentials for Campaign Sidekick, including the full history of changes to the code since it was first uploaded to this directory in November of 2016. Additionally, the data exposed in this project included credentials for accessing the CPanel (website administration software) and Secure File Transfer Protocol servers of another US elections-related company, Voter Gravity. The scripts detail how information was collated from sources (including Facebook) and included identifying details of software developers working on the project who were located within, and residents of, India.
Read more on UpGuard.