The social network – Rallyhood – meant to assist groups communicate and coordinate left one of its cloud storage buckets containing user information open and uncovered.
The bucket, hosted on Amazon Web Services, was not protected with a password, permitting anybody who knew the simply-guessable web tackle access to a decade’s value of user files.
Rallyhood boasts customers from Girl Scout and Boy Scout troops, and Komen, Habitat for Humanities, and YMCA factions. The corporation hosts thousands of smaller groups, like local bands, sports groups, art clubs, and organizing committees.
Many flocked to the site after Rallyhood stated it will help migrate users from Yahoo Groups after Verizon stated it would close the discussion forum site in 2019.
The bucket included group data as far back to 2011 as much as and along with last month. In total, the bucket included 4.1 terabytes of uploaded files, representing thousands of users’ data.
A few of the files contained delicate data, like shared password lists and contracts or other permission slips and agreements.
The documents included non-disclosure agreements and different files that weren’t intended to be public.
A security researcher who goes by the title Timeless discovered the exposed bucket and informed reporters so that the bucket and its files could possibly be secured.
It’s not known if Rallyhood intends to warn its users and customers of the security failure. At the time of writing, Rallyhood has made no statement on its web site or any of its social media accounts of the incident.