Computerworld - In a brewing controversy, whistle-blower site Wikileaks.org has published personal information belonging to more than 51,000 donors and supporters of former U.S. Sen. Norm Coleman that it says were leaked because the Minnesota Republican's campaign Web site was not properly secured.
The information posted by Wikileaks, which has been at the center of controversy before, included the names, street addresses, e-mail addresses, phone numbers and, in the case of 4,721 individuals, the last four digits of their credit card numbers.
In a statement on its site, Wikileaks said it was publishing the information to substantiate rumors that sensitive information belonging to thousands of Coleman's supporters had been floating around the Internet since Jan. 28 "as a result of sloppy handling by the campaign."
Wikileaks said the decision to publish the information was prompted by claims from Coleman's campaign that no data been compromised and by its failure to apologize for the "initial leak" or its subsequent "coverup."
The statement said that Coleman's campaign had known about the breach since January but had failed to notify anyone of the potential compromise of their personal data.
Wikileaks claimed that the senator collected detailed information on every supporter and Web site visitor and retained unencrypted credit card information from donors, including their security codes, on the campaign's Web site.
The statement said that Wikileaks had so far sent out two notifications to Coleman's supporters "as a courtesy" prior to a further analysis of the data this week. "Wikileaks will release other material from the extensive Coleman database once those affected have time to be informed," Wikileaks said in the statement.
A copy of the original letter, from the anonymous individual who tipped Wikileaks of the breach, suggested that the information had not been illegally obtained but was exposed on the Coleman campaign's Web site because of "incompetence."
The whistle-blower's letter pointed to an earlier blog post by technology consultant Adria Richards explaining how she had in January first discovered a database file sitting in a directory on Coleman's Web site that anyone could download.
Richards said on her blog that she stumbled upon the problem when looking into reports in January about the political campaign's site crashing because of heavy traffic. In her bid to find out what was going on, Richards said she entered the IP address for Coleman's Web site into her browser, and the Web site's directories were immediately exposed in plain text.
Richards said on her blog that she found the database while "tooling around" the listing of exposed Web directories on Coleman's site.
She said the problem was the result of the Web server not being "told to restrict directories from the Web." Richards said that she did not personally download any of the files, though she said she posted screen shots of the directory listings on two other blogs.
Free Insider GuideCopyright © 1994 - 2012 Computerworld Inc. All rights reserved. Reproduction in whole or in part in any form or medium without express written permission of Computerworld Inc. is prohibited. Computerworld and Computerworld.com and the respective logos are trademarks of International Data Group Inc.
