Resumes of prospective interns who applied to work for the Donald Trump presidential campaign have been found on his campaign website.
Chris Vickery, lead security researcher of the MacKeeper security research team, said in a blog post Wednesday that he found the website had a misconfigured asset repository, exposing dozens of resumes.
Anyone who had direct links (or was able to generate them) could readily access the files, which were stored in an unsecured Amazon S3 bucket.
The resumes contained a wealth of personal information, including names, home and email addresses, phone numbers, and education and work experience. And, of course, the fact that they had applied for an internship at the Trump campaign, as specified in some customized resumes.
As of Monday, the data had been secured.
We were able to verify the resumes were genuine, prior to publication.
One prospective intern, a student at Princeton University, told me on the phone that he was unsuccessful in getting a position in the Trump campaign, which he applied for earlier this summer. When asked about finding his resume, the student said it was "probably just an accident" and hung up the phone.
In total, five people were able to confirm their names and details associated with their resumes.
One of those was a Maryland resident, whose leaked resume exposed that he interned at the National Security Agency for a year, ending last summer, and he worked on "the most sophisticated computer technology on the market", it read. The former intern confirmed that he worked at the intelligence agency and obtained security clearance, but he declined to comment more.
Vickery said in his blog post that the leak was "entirely avoidable", He added that he had "zero confidence that the campaign will be honest about that in whatever response they put out publicly -- if they do actually acknowledge the situation."
As of Wednesday, the Trump campaign did not return several email and calls asking for comment.
"Let's just hope that Donald's team learned a good lesson here, and, if he is elected, that they are capable of guarding national assets better than their website's assets," said Vickery.