Stories

Security flaw in Trump campaign website could have let hackers send fake emails

Many websites, including President Trump's 2020 campaign page, forgot to turn off a testing feature that could have given hackers the ability to meddle with their sites, according to a report from security firm Comparitech.

Why it matters: On the Trump site, hackers could have sent emails from the site or intercepted emails being sent — but user and donor information was never at risk.

  • While the site has now been repaired and there is no evidence a hacker ever took advantage of the security oversight, the flaw illustrates how an industrious hacker could have swindled money by sending out a fake email soliciting donations.
  • It's unclear how long the testing feature was enabled on the site before Comparitech contacted the campaign.

A Trump campaign spokesman said via email: "The problem has been fixed. Nothing was at risk. It was outdated legacy code and it was not compromised."

Go deeper: "Typosquatting" is a problem for 2020 candidates