Habr user grumpysugar wrote in his blog that he had found a vulnerability on the website of the “Smart Voting” project that allowed the email addresses of registered users to be viewed.
According to grumpysugar, the vulnerability allowed him to examine the site's technical log covering 40 days, including the email addresses recorded in it. The user added that “it was not possible to access the database directly and download the addresses that were not displayed in the logs (including all the old addresses that were registered before the vulnerability appeared).”
According to the Habr user, because of this “hole” the data of users registered on the site could have leaked online.
Later, Alexei Navalny's team reported in their blog on Habr that they had eliminated the vulnerability “in the very first minutes” after grumpysugar contacted them. At the same time, Navalny's associates deny that a database of Smart Voting users was leaked because of the vulnerability.
In mid-June, Open Media discovered that at least one clone of Smart Voting had appeared on the Internet. The fake site was being advertised both on social networks and through mailing lists. As the outlet found out, the fake copies of the project may be the work of Evgeny Venediktov, creator of a program for searching for extremists on social networks.
On 16 April it became known that unknown persons had gained access to a database of email addresses of people who registered for the “Freedom to Navalny!” rally. Many of the people in the database were sent the stolen files by email, with the letters accompanied by threats: “We will continue to receive new data about you, ha ha ha. In the meantime, we are starting to de-anonymize the mailboxes and will soon find out your names, phone numbers, addresses.”
Letters were also sent to the employers of Navalny's supporters, both former and current. They were promised “reputational damage and close attention from the media and law enforcement agencies.”
Later, Navalny's associates reported that the person who leaked the user data online had been identified. According to FBK, it was a former employee of the foundation, Fyodor Gorozhanko. Gorozhanko himself denied any involvement in the hacking of the mail server.