Cyber Incident Victim: GiveSendGo
Date:
Feb 2022
Location:
Canada
Summary
A Christian crowdfunding platform experienced a DDoS attack during a high-profile fundraising campaign, causing intermittent downtime but still processing donations rapidly. Subsequently, a misconfigured cloud storage bucket exposed donors' personal documents, including passports and driver’s licenses, which were accessible online until secured after external notification; the data exposure was linked to the platform’s payment processing system and included files uploaded since the campaign’s launch.
| CIA Posture | Motives | Tactics, Techniques & Procedures |
|---|---|---|
| Available to members | 2 motives | 1 technique |
| Threat Actors | Type | Location |
|---|---|---|
| 0 actors | Available to members | Available to members |
Description
The GiveSendGo incident began on February 4, 2022, when the Christian crowdfunding platform experienced a "heavy" distributed denial-of-service (DDoS) attack coinciding with its launch of fundraising for the Freedom Convoy 2022 campaign. This protest movement involved Canadian truckers opposing COVID-19 vaccine mandates and had migrated to GiveSendGo after GoFundMe froze its $10 million campaign. The DDoS attack caused significant server downtime and erratic website outages during the critical initial fundraising period. Despite these technical disruptions, GiveSendGo reported processing approximately $1.35 million in donations within the first 12 hours—a rate five times faster than the rival platform's previous campaign performance. The platform publicly acknowledged the cyberattack via social media, emphasizing its operational resilience under sustained bot traffic. Canadian video platform Rumble intervened by offering technical assistance, establishing direct communication with GiveSendGo through Twitter to coordinate mitigation efforts. Service was restored with the website operational at the time of Article 1's publication on February 8.
Concurrently, a separate security incident involving donor data exposure was discovered during the same timeframe. Security researchers identified an improperly configured Amazon S3 bucket linked to GiveSendGo's Freedom Convoy campaign page, exposing over 50 gigabytes of sensitive donor information including passport scans and driver's licenses uploaded since February 4. The bucket's public accessibility was traced to misconfigured permissions, with evidence suggesting the vulnerability potentially existed since at least September 2018 based on an unidentified researcher's prior warning file. TechCrunch verified the exposure on February 8 after receiving a tip and notified GiveSendGo co-founder Jacob Wells, prompting the bucket's securing within hours. The identity documents appeared to have been collected during payment processing, possibly for financial compliance verification. GiveSendGo did not respond to inquiries regarding breach notification plans for affected donors. During its operational period hosting the protest campaign, the platform processed over $4.5 million in donations within the first day despite these cybersecurity challenges.