8
English
Afrikaans
Albanian
Amharic
Arabic
Armenian
Azerbaijani
Basque
Belarusian
Bengali
Bosnian
Bulgarian
Catalan
Cebuano
Chichewa
Chinese (Simplified)
Chinese (Traditional)
Corsican
Croatian
Czech
Danish
Dutch
Esperanto
Estonian
Filipino
Finnish
French
Frisian
Galician
Georgian
German
Greek
Gujarati
Haitian Creole
Hausa
Hawaiian
Hebrew
Hindi
Hmong
Hungarian
Icelandic
Igbo
Indonesian
Irish
Italian
Japanese
Javanese
Kannada
Kazakh
Khmer
Korean
Kurdish (Kurmanji)
Kyrgyz
Lao
Latin
Latvian
Lithuanian
Macedonian
Malagasy
Malay
Malayalam
Maltese
Maori
Marathi
Mongolian
Myanmar (Burmese)
Nepali
Norwegian
Pashto
Persian
Polish
Portuguese
Punjabi
Romanian
Russian
Samoan
Scottish Gaelic
Serbian
Sesotho
Shona
Sindhi
Sinhala
Slovak
Slovenian
Somali
Spanish
Sudanese
Swahili
Swedish
Tajik
Tamil
Telugu
Thai
Turkish
Ukrainian
Urdu
Uzbek
Vietnamese
Welsh
Xhosa
Yiddish
Yoruba
Zulu
Rallyhood says it &private and secure.& But for some time, it wasn''t.The social network designed to help groups communicate and coordinate left one of its cloud storage buckets containing user data open and exposed.
The bucket, hosted on Amazon Web Services (AWS), was not protected with a password, allowing anyone who knew the easily-guessable web address access to a decade worth of user files.Rallyhood boasts users from Girl Scout and Boy Scout troops, and Komen, Habitat for Humanities, and YMCA factions.
The company also hosts thousands of smaller groups, like local bands, sports teams, art clubs, and organizing committees.
Many flocked to the site after Rallyhood said it would help migrate users from Yahoo Groups, after Verizon (which also owns TechCrunch) said it would shut down the discussion forum site last year.The bucket contained group data as far back to 2011 up to and including last month.
In total, the bucket contained 4.1 terabytes of uploaded files, representing millions of users& files.Some of the files we reviewed contained sensitive data, like shared password lists and contracts or other permission slips and agreements.
The documents also included non-disclosure agreements and other files that were not intended to be public.Where we could identify contact information of users whose information was exposed, TechCrunch reached out to verify the authenticity of the data.A security researcher who goes by the handle Timeless found the exposed bucket and informed TechCrunch, so that the bucket and its files could be secured.When reached, Rallyhood chief technology officer Chris Alderson initially claimed that the bucket was for ''testing& and that all user data was stored &in a highly secured bucket,& but later admitted that during a migration project, ''there was a brief period when permissions were mistakenly left open.It not known if Rallyhood plans to warn its users and customers of the security lapse.
At the time of writing, Rallyhood has made no statement on its website or any of its social media profiles of the incident.Stop saying, ‘We take your privacy and security seriously
