The Tech Brunch The Tech Brunch

The Tech Brunch

The Tech Brunch

  • Home
  • Startups
  • Social
  • Enterprise
  • Gadgets
  • Greentech
  • Mobile
  • Fundings and exits
The Tech BrunchThe Tech Brunch
  • Startups
  • Social
  • Enterprise
  • Gadgets
  • Greentech
  • Mobile
  • Fundings and exits
Home > Social > Rallyhood exposed a decade of users’ private data
Social

Rallyhood exposed a decade of users’ private data

Published: Apr 10, 2022

Rallyhood says it’s “private and secure.” But for some time, it wasn’t.

The social network designed to help groups communicate and coordinate left one of its cloud storage buckets containing user data open and exposed. The bucket, hosted on Amazon Web Services (AWS), was not protected with a password, allowing anyone who knew the easily-guessable web address access to a decade’s worth of user files.

Rallyhood boasts users from Girl Scout and Boy Scout troops, and Komen, Habitat for Humanities, and YMCA factions. The company also hosts thousands of smaller groups, like local bands, sports teams, art clubs, and organizing committees. Many flocked to the site after Rallyhood said it would help migrate users from Yahoo Groups, after Verizon (which also owns TechCrunch) said it would shut down the discussion forum site last year.

The bucket contained group data as far back to 2011 up to and including last month. In total, the bucket contained 4.1 terabytes of uploaded files, representing millions of users’ files.

Some of the files we reviewed contained sensitive data, like shared password lists and contracts or other permission slips and agreements. The documents also included non-disclosure agreements and other files that were not intended to be public.

Where we could identify contact information of users whose information was exposed, TechCrunch reached out to verify the authenticity of the data.

A security researcher who goes by the handle Timeless found the exposed bucket and informed TechCrunch, so that the bucket and its files could be secured.

When reached, Rallyhood chief technology officer Chris Alderson initially claimed that the bucket was for “testing” and that all user data was stored “in a highly secured bucket,” but later admitted that during a migration project, “there was a brief period when permissions were mistakenly left open.”

It’s not known if Rallyhood plans to warn its users and customers of the security lapse. At the time of writing, Rallyhood has made no statement on its website or any of its social media profiles of the incident.

You Might Also Like

Privacy on Social Media: How to Stay Safe Online in 2025

Top 10 Electronic Gadgets Everyone is Talking About in 2025

Top Upcoming Mobile Launches in India 2025

Best Indian Mobile Phones For Gaming

Next Article As Morgan Stanley buys E-Trade, Robinhood preps social trading As Morgan Stanley buys E-Trade, Robinhood preps social trading

Latest News

Privacy on Social Media: How to Stay Safe Online in 2025
Social Jul 04, 2025
Top 10 Electronic Gadgets Everyone is Talking About in 2025
Gadgets Jun 26, 2025
Top Upcoming Mobile Launches in India 2025
Mobile Jun 23, 2025
Best Indian Mobile Phones For Gaming
Mobile May 08, 2025
Emerging Indian Social Networking Sites
Social May 07, 2025
Indian Social Structure And Family System
Social May 07, 2025
Festivals And Family Bonding In India
Social May 07, 2025
Role Of Youth In Indian Social Reform
Social May 07, 2025
Impact Of Indian Social Media On Youth Behavior
Social May 07, 2025
Impact Of Reservation Policies On Indian Social Balance
Social May 07, 2025
about us

  • Startups
  • Social
  • Enterprise
  • Gadgets
  • Greentech
  • Mobile
  • Fundings and exits
Upcoming Latest Indian Smart Gadgets
Upcoming Latest Indian Smart Gadgets
Gadgets May 05, 2025
Best Indian Gadgets Under 1000 Rupees
Best Indian Gadgets Under 1000 Rupees
Gadgets May 05, 2025

© Copyright 2025 thetechbrunch.com All Rights Reserved.

  • About Us
  • Contact Us
  • Privacy Policy
  • Terms And Conditions