2020 Presidential Candidate Campaign Websites Fail On User Privacy
Tuesday, October 8, 2019
Campaign websites collect personal data from many millions of visitors. Visiting a particular campaign is likely to provide an indication of political affiliation. The combination of personal information and political intentions makes the content of the campaign websites valuable to any party wishing or intending to interfere in the 2020 elections -- and that is likely to include a range of nation states.
"One should not underestimate the sophistication of nation-state hacking actors," said Ilia Kolochenko, CEO of web security firm ImmuniWeb, about the analysis. "They will likely leverage a wide spectrum of attack vectors, including getting the data via careless third-party providers and negligent vendors." Probably, he added, "attackers have already implemented continuous monitoring of [these] presidential websites to get instant alerts once a software or its component becomes vulnerable... Unfortunately, attackers frequently act faster than security teams and manage to get in within minutes after a security flaw is publicly disclosed or sold on the Dark Web."
There is another potential concern for the candidates. Many of the sites are likely to be in contravention of the California Consumer Protection Act (CCPA) coming into force in January 2020. Read Full Article
CSO: Presidential campaign websites fail at privacy, new study shows
Forbes: EA Sports Confirms FIFA 20 Own Goal As Player Data Leaks Online