The New Jersey-based charity has plagued the American airwaves for years with the “most hated” jingle to try to get consumers to trade in their car — for the kids! But a security lapse left thousands of those donation records exposed for anyone to find.
Bob Diachenko, Hacken.io’s director of cyber risk research, earlier this month found the company’s MongoDB database on a server, wide open and without a password.
The data contained donor email addresses and donation receipts, which included customized links to a donor’s tax receipt. He also found credentials, which he said could have allowed a hacker to access far more sensitive data.