Anti-abortion group Texas Right to Life exposed the personal information of hundreds of job applicants after a website bug allowed anyone to access their resumes, which were stored in an unprotected directory on its website.
A security researcher told TechCrunch that the group’s main website, built largely in WordPress, was not properly protecting the file storage on its website, which it used to store resumes of more than 300 job applicants, as well as other files uploaded to the website. The resumes contained names, phone numbers, addresses, and details of a person’s employment history.
The website bug was fixed over the weekend, a short time after details of the leak were posted on Twitter. The group’s website no longer lists any of the exposed files.
“We are taking action to protect the concerned individuals,” said Kimberlyn Schwartz, a spokesperson for Texas Right to Life told TechCrunch, referring to those who “sought and circulated the information.”
When asked, Schwartz would not say if the organization planned on informing those whose personal information was exposed by its security lapse.
Texas Right to Life sparked anger when last week it publicized a “whistleblower” website that encouraged Texas residents to report when someone might be seeking an abortion in violation of the state’s restrictive new abortion law. The law allows anyone to sue someone seeking an abortion, or anyone “aiding and abetting” an abortion after six weeks. That provision has been widely interpreted as targeting doctors who perform these procedures, but also potentially anyone who gets involved, such as contributing money or driving a friend to a clinic.
It didn’t take long for the “whistleblower” website to be flooded with fake tips, memes, and Shrek porn in protest. The site briefly fell offline Thursday, which coincided with an activist releasing an iOS shortcut to help anyone pre-fill the website’s form with fake information.
But by the weekend, GoDaddy, the company hosting the website, told Texas Right to Life that the site violated its terms of service and gave the group 24 hours to find another host. It did — briefly — by way of Epik, a web host that helped other controversial sites like far-right social networks Gab get back online. But that didn’t last long either.
As of Monday, the “whistleblower” website pointed to Texas Right to Life’s main website.