Security Assessment of U.S. Political Donation Sites

This document is a security alert focusing on the vulnerabilities of U.S. political donation sites in light of the upcoming presidential election. It outlines the increased risk of cybercriminal activities due to the surge in campaign donations, which leads to a higher volume of transactions on these platforms. The report details the findings from a security assessment conducted by DataDome on three major donation platforms, revealing that two-thirds lack critical security measures, such as two-factor authentication. It also highlights the ineffective use of reCAPTCHA v2, which fails to protect against automated attacks. The potential for credential stuffing attacks is noted, exposing user accounts to unauthorized access and financial theft. The document concludes with recommendations for enhancing security, including the implementation of robust authentication methods and advanced bot protection to safeguard donor information and maintain trust in the electoral process.