A political action committee working to gather donations in support of the Hillary Clinton's presidential campaign has leaked hundreds of donor records.
Records from 959 donors between January and April were stored in a spreadsheet hosted on Amazon's cloud. The file was found by security researchers at the MacKeeper Security Research Center.
The database was operated by the Balance of Power PAC, a California-based independent organization. According to its website, the organization supports "progressive policies with Hillary Clinton as president and a progressive Congress to implement them",
That spreadsheet contained names, email addresses, home addresses, occupations, and phone numbers. It also contained specific details about the donation amount, the payment method (such as PayPal or credit card), and when the donation was made.
The data showed that a little over $30,610 was collected from the donors during the four-month period.
We were able to independently verify that the spreadsheet was genuine.
In total, seven people were able to confirm their names and that they had donated at least once (some had repeat donations) to the organization. Not all recognized the name of the Balance of Power PAC, however.
When reached by phone, one donor said they were "not happy" with their data being left on an unsecured website, while another said that "these things happen all the time" and wasn't worried because they had received new credit cards since the donations.
Financial data wasn't contained in the spreadsheet, however.
Sam Deskin, the organization's treasurer, confirmed the leak in an email but said that the data was hosted by BuddyBid, a New Zealand-based software company.
"We stopped using their services a couple of months ago," said Deskin.
Deskin said that most of the leaked data is already publicly available in federal filings, with the exception of phone numbers and email addresses. However, when we checked, many of the names we selected at random did not appear in the government database.
BuddyBid confirmed that the data was only accessible for a few weeks and that the data was removed.