All news with #aggregateiq tag

AggregateIQ Exposure Reveals Canadian Campaign Assets

🔒 The UpGuard Cyber Risk Team discovered an unsecured AggregateIQ (AIQ) code repository containing site backups, API keys, SSL private keys, and other sensitive assets tied to multiple Canadian campaigns and parties. Exposed files included WordPress backups, donation processor keys (Stripe), NationBuilder tokens, and PEM private keys that could enable impersonation or account takeover. The findings illustrate significant third‑party vendor risk and raise regulatory and public‑interest concerns about how AggregateIQ managed client credentials and campaign tooling.

AggregateIQ exposure: Canadian political campaign data

🔐 The UpGuard Cyber Risk Team discovered exposed repositories belonging to AggregateIQ that contained website code, backups, credentials and tokens associated with multiple Canadian political campaigns and parties. Exposed artifacts included Stripe secret keys, private SSL keys, NationBuilder/Helcim/SendGrid tokens, WordPress database credentials, and admin accounts tied to aggregateiq.com. The incident highlights third-party vendor risk and the need for tighter controls on credentials and repository configurations.

AggregateIQ Repositories Expose Multiple Brexit Sites

📂 UpGuard's analysis of exposed development repositories from AggregateIQ details source code, backups, and credentials tied to multiple pro-Brexit organizations. The findings show WordPress backups, API keys, Stripe secrets, and scripts used to build and contact supporter lists, with administrative accounts linking AIQ staff to sites such as Vote Leave, Change Britain, and the DUP. Misuse of the exposed assets could have allowed large-scale data access or payment compromise.

AggregateIQ: Exposed Targeting Tools 'Monarch' and Saga

🔍 AggregateIQ's public repository exposed sophisticated ad and tracking tools linked to political campaigns. The Saga suite automates Facebook ad scraping, performance reconciliation, and asset backup, while Monarch provides pixel-based tracking (Jewel, Peasant) and a microservice stack (Peon) for event ingestion and enrichment. The codebase included credentials and configs enabling fine-grained targeting, though working user datasets were not present. The exposure raises significant privacy and electoral concerns.

AggregateIQ Code Leak Exposes Political Targeting Tools

🔓 UpGuard disclosed that a large GitLab repository belonging to AggregateIQ was publicly accessible, exposing source code, configuration files, and numerous credentials. The leak included applications and tools — notably projects named Ripon_canvas and Ripon_dialer — designed to manage voter databases, microtargeting, canvassing, and automated outreach. Credentials for Facebook apps, Twilio, AWS, and other services were present, raising the risk of account takeover and large-scale data harvesting. UpGuard linked the repository to work for US campaigns and reported ties to Cambridge Analytica, with further technical analysis promised in subsequent reports.

AggregateIQ Repositories Expose Brexit Campaign Sites

🔍 This report details UpGuard's review of publicly downloadable development repositories from data analytics firm AggregateIQ, which contained source code, WordPress backups, database exports, and credentials tied to multiple UK political sites. The exposed repositories appear to link AIQ to web assets for several pro-Brexit groups and campaigns. Sensitive items found include API tokens, payment keys, and admin accounts that, if abused, could grant access to live systems and supporter data. The report highlights misconfiguration and credential management failures with potential regulatory consequences under GDPR.