FACUA warns of a security breach which was allowing false profiles to sign petitions on Change

By just inputting a false name and an email address, the platform established whether the email belonged to one of its' millions of users, and revealed the account holder's identity, location, profession and profile picture.

FACUA.org
España-04/12/2018

FACUA- Consumers in Action has requested that the Spanish Data Protection Agency (AEPD, according to its initials in Spanish) looks into a security breach on the Change.org platform which was allowing fake accounts to sign and comment on petitions. The association believes this to be a breach of the EU General Data Protection Regulation (GDPR), and that the company should inform all users with a Change account of the issue.

By just inputting a name, surname and an email address into any of its petitions and clicking a button to sign it, Change.org determined whether the email belonged to one of the millions of people registered on the platform, and validated the signature. As a result, even if the name and surname inputted were made up, the account owner’s supposed support

Contenido exclusivo para socios