FACUA warns of a security breach which was allowing false profiles to sign petitions on Change

FACUA- Consumers in Action has requested that the Spanish Data Protection Agency (AEPD, according to its initials in Spanish) looks into a security breach on the Change.org platform which was allowing fake accounts to sign and comment on petitions. The association believes this to be a breach of the EU General Data Protection Regulation (GDPR), and that the company should inform all users with a Change account of the issue.

By just inputting a name, surname and an email address into any of its petitions and clicking a button to sign it, Change.org determined whether the email belonged to one of the millions of people registered on the platform, and validated the signature. As a result, even if the name and surname inputted were made up, the account owner’s supposed support