We wanted to let the Change.org community know that around 11:30pm PST on Friday, May 24th, Change.org was targeted by a hacker who was able to exploit a minor vulnerability and make cosmetic changes to some text and visuals on our site. The hacker temporarily modified the title, description, and photos on 12 petitions.
This vulnerability did not expose any user data, or allow any signatures to be read, changed, added or removed.
We proactively took the site down while we found and fixed the vulnerability. After fixing the issue and restoring the affected areas, we put the site back up as of 4:20 a.m. PST.
Like any prominent internet platform, we are periodically targeted by hackers, and we take these threats very seriously. Ensuring the integrity of our petitions is vitally important to us, and our engineering team puts significant resources towards site security. No user data was exposed by this incident, and as always we will continue to work to improve the security and stability of the site.
-By Benjamin Joffe-Walt, Vice President of Communications