More than 948,000 records from major nonprofit management software provider DonorView have been exposed online as a result of an insecure database, according to TechRadar.
Included in the more than 465 GB of leaked files were PDF, .csv, and .xlsx documents containing donors' personally identifiable information, including names and contact details, as well as payment method details, a report by cybersecurity researcher Jeremiah Fowler published on vpnMentor revealed.
Fowler also noted that transaction details and donation frequencies have also been observed in some exposed donation records. Files used by DonorView were also found to lack encryption.
Such data exposure could be exploited by threat actors to masquerade as charities and conduct fraudulent activities, according to Fowler, who called on donors to be vigilant of suspicious phone calls and emails.
While DonorView has since removed public access to the exposed database upon Fowler's notification, the vendor has not provided a formal response.