The private details of 16,000 supporters of the Virus Truth action group were accessible through a data breach,
Completed forms could be viewed by changing the address in the browser bar.
That way, everyone could access documents that sometimes contained full names and contact details.
It concerned completed forms for the petition 'Stop the lockdown'.
This could be entered anonymously, but it also offered a place to leave contact details.
This allowed outsiders to collect data from Virus Truth supporters.
According to the group, there were no signs that the leak was also actively exploited.
Virus truth points to ddos attack
Virus Truth suspects that the vulnerability was created after the website was shut down by a DDOS attack.
It is unclear exactly how that could have happened, given that a DDOS attack is not a hack where someone gains access to the servers.
The action group has now closed the leak, so that the data is no longer transparent.