Signups, silence, and a suspicious text: users joined GTFOICE.org to protest ICE and woke up to messages claiming their data was sent to federal agencies
If people are actually active in the fight (at protests, hearings, social media, etc.) then the govt. already has their data. This is unavoidable. We must bear a cost in resulting for good. But there is safety in numbers; fleeing an organizing effort because if a purported breach (possibly a spoof) is self-defeating.
There's a huge difference between being on some gigantic list somewhere that includes millions and millions of people protesting all kinds of things, and being flagged as part of a much smaller pool of people who gave their info out to an anti-ICE organization that didn't keep their info safe enough. This is particularly dangerous for activists who are also immigrants, like myself. I will be telling other immigrants to steer clear. Especially since I never even received the promised toolkit. I'm less safe for having done this.
No one said anything about fleeing an organizing effort and no will be fleeing. It’s merely alerting people who used a website that never even delivered what they claimed and then had a data breach.
"wasn’t really a case of someone hacking their way into the GTFOice website? And instead, it looks like they somehow had valid access, and the system just handed over the data" well that is concerning
Thanks for reporting on this. It’s disappointing to hear, but it’s an important wake up call.
Activists need to be careful with where they share their personal info, and how much info they share. Be skeptical of any organization that seems to be asking for info that seems unnecessary / unreasonable.
And organizations need to ensure they have robust safeguards in place BEFORE collecting such info, and avoid collecting info that’s not absolutely necessary.
GTFOIce.org needs to hire an IT security firm to assess what happened and figure out exactly who / what was compromised, so that anyone affected can take appropriate steps to protect themselves, and the organization can figure out what it needs to change to protect itself going forward.
This sort of thing happened at a non-profit I used to work at, and that’s how they handled it. It started with an extremely competent colleague opening what appeared to be a legit file-sharing link from a new client. Turned out that client had been hacked. Such phishing scams are a very common cause of data breaches.
I hope GTFOIce.org has the resources and leadership to respond appropriately to this incident.
Thank you all for looking out for all of us. You guys have been fighting for us and I just want to say thank you!
That's some wild stuff. I am skeptical to put all my info in sites like this for this very reason.
Is this just them being reckless or what?
It certainly appears that way! https://blog.hagerstownrapidresponse.com/p/not-a-hack-a-handout-inside-the-gtfoice-org-data-exposure
Looks like a lot of us dodged a bullet
If people are actually active in the fight (at protests, hearings, social media, etc.) then the govt. already has their data. This is unavoidable. We must bear a cost in resulting for good. But there is safety in numbers; fleeing an organizing effort because if a purported breach (possibly a spoof) is self-defeating.
There's a huge difference between being on some gigantic list somewhere that includes millions and millions of people protesting all kinds of things, and being flagged as part of a much smaller pool of people who gave their info out to an anti-ICE organization that didn't keep their info safe enough. This is particularly dangerous for activists who are also immigrants, like myself. I will be telling other immigrants to steer clear. Especially since I never even received the promised toolkit. I'm less safe for having done this.
No one said anything about fleeing an organizing effort and no will be fleeing. It’s merely alerting people who used a website that never even delivered what they claimed and then had a data breach.
Bastards!!!
"wasn’t really a case of someone hacking their way into the GTFOice website? And instead, it looks like they somehow had valid access, and the system just handed over the data" well that is concerning
Did you guys reach out to GTFOIce.org, or any of the other orgs involved with it, for comment on the situation?
I signed up and got the email. It said : the authorities have been notifed.
That sounds weird.
This was likely a honeypot op.
Thanks for reporting on this. It’s disappointing to hear, but it’s an important wake up call.
Activists need to be careful with where they share their personal info, and how much info they share. Be skeptical of any organization that seems to be asking for info that seems unnecessary / unreasonable.
And organizations need to ensure they have robust safeguards in place BEFORE collecting such info, and avoid collecting info that’s not absolutely necessary.
GTFOIce.org needs to hire an IT security firm to assess what happened and figure out exactly who / what was compromised, so that anyone affected can take appropriate steps to protect themselves, and the organization can figure out what it needs to change to protect itself going forward.
This sort of thing happened at a non-profit I used to work at, and that’s how they handled it. It started with an extremely competent colleague opening what appeared to be a legit file-sharing link from a new client. Turned out that client had been hacked. Such phishing scams are a very common cause of data breaches.
I hope GTFOIce.org has the resources and leadership to respond appropriately to this incident.
Wow. People trusted this site with their personal info.
Great. I signed up.