Labour Leaks – The Password Issue

Labour have gone all in on their attacks on me and my alleged puppet masters in National. They forgot though that Trevor Mallard mounted a month’s worth of attacks on me for being in the pocket of Don Brash and ACT. So it is clear they are not “on message” as they say in the beltway.

After I posted my video that showed how easy it was to obtain data from their wide open site the IT community unanimously delivered their verdict that Labour and no one else was to blame for their woeful breach of people’s privacy.

Commenters at Kiwiblog and other sites quickly realised what I did long ago and that was that Google and other bots had archived Labour’s open site extensively. All their data is still in the cache and will be for quite some time.

Doing a simple cache search of the root domain with the word “password” added shows just how bad their security was.

DB passwords in the open with Labour

The problem however was much worse than that. Way worse. Remember that Chris Flatt the Labour General Secretary sent out a letter and email to their donors assuring them that their credit card details were safe. He shouldn’t have been too hasty with that assurance.

In the MySQL database files there were also plain text strings that contained other database passwords along with the user name and passwords of their credit card provider.

$db_url = 'mysqli://labour_admin:[email protected]/labour_production';

which equates to $db_url = 'mysqli://username:[email protected]/databasename';

Their credit card provider admin details were:

"Flo2Cash_Donate\";s:9:\"user_name\";s:8:\"nzlabour\";s:8:\"password\";N;s:9:\"signature\";N;s:8:\"url_site\";s:63:\"https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\";s:7:\"url_api\";N;s:9:\"url_recur\";s:63:\"https://secure.flo2cash.co.nz/donations/labourparty/donate.aspx\"

This shows the appalling lack of security not only for the donor and membership details but also with regard to usernames and passwords for other secure areas.
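
An audit sketch for the two patterns quoted above, a $db_url connection string with an inline password and PHP-serialized settings with credential fields. This is an added example, not part of the original post; the key list, host name and sample lines are constructed assumptions. It is meant for checking your own dumps and web root before they can be reached or indexed, and it reports only locations and lengths, never the secret itself.

```python
import re

# Field names treated as secrets in this audit (an assumption; extend for your app).
SENSITIVE_KEYS = {"password", "passwd", "signature", "api_key", "secret"}

# scheme://user:password@host/... as in the $db_url line quoted in the post.
DSN_RE = re.compile(
    r"(?P<scheme>[a-z][a-z0-9+.-]*)://(?P<user>[^:/@\s'\"]+)"
    r":(?P<pw>[^@/\s'\"]+)@(?P<host>[^/\s'\"]+)"
)

# PHP serialize() entry: s:<len>:"key"; then either N; (null) or s:<len>:"value".
# The backslash before each quote is optional because SQL dumps escape quotes.
# Only the declared length of the value is captured, never the value.
SER_RE = re.compile(
    r's:\d+:\\?"(?P<key>%s)\\?";(?:N;|s:(?P<len>\d+):\\?")'
    % "|".join(sorted(SENSITIVE_KEYS))
)


def scan(text):
    """Return (line_no, kind, where, detail) findings without secret values."""
    findings = []
    for no, line in enumerate(text.splitlines(), 1):
        for m in DSN_RE.finditer(line):
            where = f"{m['user']}@{m['host']}"
            findings.append((no, "dsn", where, f"password of {len(m['pw'])} chars"))
        for m in SER_RE.finditer(line):
            detail = "null" if m["len"] is None else f"value of {m['len']} chars"
            findings.append((no, "serialized", m["key"], detail))
    return findings


# Constructed sample input, not data from the post.
SAMPLE = "\n".join([
    r"$db_url = 'mysqli://app_user:Constructed-Pw-1@db.example.invalid/app_db';",
    r's:9:\"user_name\";s:6:\"donate\";s:8:\"password\";N;'
    r's:9:\"signature\";s:12:\"constructed!\";',
])

if __name__ == "__main__":
    for finding in scan(SAMPLE):
        print(*finding, sep="\t")
```

Anything this flags in a file that sits under the web root or in a backup should be treated as exposed: rotate the credential and move the file, rather than only deleting the copy.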

I never accessed those areas; to do so would have been illegal. But given that their systems were open and exposed long enough that Google and 9 other bots were able to cache the entire directory system there is a good chance that Russian or Nigerian scamsters also were able to obtain access to the database and credit card processing passwords that Labour left exposed. Chris Flatt cannot give any assurances that their donor details including credit cards were safe and secure.

I know that Labour have been warned about the details of this post so presumably their IT muppets have now changed these details.

On a final note regarding Labour’s woeful use of technology I note that John Pagani and the muppets at The Standard have been relying on IP address information. I am assuming that this information was provided by the same IT muppets that secured their site so well. Probably not really that useful then is it?

Heads really do have to roll. Pity Labour will as usual pick on some low level worker and rinse them instead of taking out the ones really responsible like Phil Goff, or Andrew Little or Chris Flatt or Moira Coatsworth. Their lacklustre leadership is what has led to this balls up, not some poor IT worker doing his best with the pitiful resources their leadership have procured through their lack of donations. A properly performing political party can fund things like this appropriately; Labour are clearly broken-arsed and getting poorer.



As much at home writing editorials as being the subject of them, Cam has won awards, including the Canon Media Award for his work on the Len Brown/Bevan Chuang story. When he’s not creating the news, he tends to be in it, with protagonists using the courts, media and social media to deliver financial as well as death threats.

They say that news is something that someone, somewhere, wants kept quiet. Cam Slater doesn’t do quiet and, as a result, he is a polarising, controversial but highly effective journalist who takes no prisoners.

He is fearless in his pursuit of a story.

Love him or loathe him, you can’t ignore him.
