Total Tests:

2020 Presidential Candidate Campaign Websites Fail On User Privacy

By Kevin Townsend for SecurityWeek
Tuesday, October 8, 2019

Campaign websites collect personal data from many millions of visitors. Visiting a particular campaign is likely to provide an indication of political affiliation. The combination of personal information and political intentions makes the content of the campaign websites valuable to any party wishing or intending to interfere in the 2020 elections -- and that is likely to include a range of nation states.

"One should not underestimate the sophistication of nation-state hacking actors," said Ilia Kolochenko, CEO of web security firm ImmuniWeb, about the analysis. "They will likely leverage a wide spectrum of attack vectors, including getting the data via careless third-party providers and negligent vendors." Probably, he added, "attackers have already implemented continuous monitoring of [these] presidential websites to get instant alerts once a software or its component becomes vulnerable... Unfortunately, attackers frequently act faster than security teams and manage to get in within minutes after a security flaw is publicly disclosed or sold on the Dark Web."

There is another potential concern for the candidates. Many of the sites are likely to be in contravention of the California Consumer Protection Act (CCPA) coming into force in January 2020. Read Full Article

Book a Call Ask a Question
Talk to ImmuniWeb Experts
Have a technical question?

Our security experts will answer within
one business day. No obligations.

Have a sales question?
Tel: +41 22 560 6800 (Switzerland)
Tel: +1 720 605 9147 (USA)
Your data will stay private and confidential