Pi-hole Data Breach Exposes Donor Names and Emails via GiveWP Plugin Vulnerability

 

Pi-hole, a well-known network-level ad-blocker, has confirmed that a security flaw in the GiveWP WordPress donation plugin exposed donor names and email addresses.
Pi-hole functions as a DNS sinkhole, blocking unwanted content before it reaches users’ devices. Originally built for Raspberry Pi single-board computers, it now runs on multiple Linux distributions, both on dedicated hardware and virtual machines.
According to Pi-hole, the issue came to light on Monday, July 28, when donors reported receiving suspicious emails at addresses used solely for contributions. A post-mortem published Friday revealed that the breach impacted individuals who donated through Pi-hole’s official website. Due to a GiveWP vulnerability, personal details became visible to anyone viewing the page’s source code—without requiring authentication or special permissions.
The GiveWP plugin, which facilitates donations on the Pi-hole site, inadvertently exposed this information. While Pi-hole did not specify the number of affected donors, data breach tracking service ‘Have I Been Pwned’ listed the incident, estimating that nearly 30,000 donors were impacted, with 73% of those email addresses already in its database.
No payment or financial details were compromised. Credit card and other transaction data are managed directly by Stripe and PayPal. Pi-hole stressed that its c

[…]
Content was cut in order to protect the source. Please visit the source for the rest of the article.

This article has been indexed from CySecurity News – Latest Information Security and Hacking Incidents
