Local Salvation Army website updated after personal information released

Published: Nov. 7, 2017 at 5:24 PM EST
Email This Link
Share on Pinterest
Share on LinkedIn
WRDW wishes to clarify that Southfire Web Solutions does not own the Salvation Army Auto Auction Augusta website (salvationarmycars.com), but rather hosts and manages the site. WRDW also wishes to clarify that that the website is not down, but rather that public access to the admin section of the site and to the credit card information discussed in the story has been removed.

Tuesday, Nov. 7, 2017

(News 12 at 6 O’Clock / NBC 26 News at 7)

AUGUSTA, Ga. (WRDW/WAGT) -- "Well that's me right there and that's pretty horrible."

It's the last information anyone would want popping up on a stranger's phone. But that's exactly what Sterling Gray saw when I showed him the Augusta Salvation Army's Auto Auction website.

"It's easy enough if you are knowledgeable how to go out and find the stuff but to find the stuff so easily, I mean that's 100% me. That's a deactivated card,” Gray said.

A quick Google search and a few clicks later we found his information and a lot more. Cell phone number, home address and enough credit card information to make any hacker's dreams come true.

All through the website's "Manage Registrations" page, normally only accessible with an admin password and username, but easily found through our searches.

"No, no one has called us,” he continues, “In fact, you calling today was a shock. Like I said when you first called us I thought you were some sort of scam artist trying to get credit card numbers out of people. But then I realized there was a problem."

Private information for 788 registered members dating back to 2006 ranging from our area to users in Atlanta, Tampa, Virginia, and Massachusetts.

Gray told News 12, "Seven years of credit card numbers are out there including what looks like hundreds of other people. I was shocked. It's something that's simple to fix that's never been fixed or been identified and makes you think who's been feeding off of that information for years."

The admin pages managed by Augusta web design company Southfire are now down as both groups investigate. But Sterling still wonders how both the Salvation Army and Southfire let so much information out in the open.

"Some people may have been breached who had stuff stolen or had an active investigation is going on. This will put two into together for them. But they at least have a responsibility to let everyone know who's been online, I don't care it was 11 years ago or five years ago," he said.