Club Roster Exposed to the Web

[Adam Logan]

Hi, I uncovered that the club roster is exposed to the world wide web. Google returns the CPC website when searching for anyone on the list by first and last name. Every person on the roster's full name and email address is exposed to the world, bots, scrapers, personal information indexers etc.

https://cascadeparaglidingclub.org/roster-admin-csv/?firstname=Adam&lastname=Logan

Lock this down please.

The singular weak static password for all members needs to go as well. If the club chooses to continue with one password for all members, at minimum the password needs to be updated annually. I used to be a member of another site with the same approach as the CPC with a static password for all members, and their password got picked up by the dark web and the entire contents of all members (in the thousands) was extracted. I would prefer if that did not happen to CPC membership although I believe it already has and is happening.

I would prefer it if the club would protect membership information adequately. If the club can't or won't I request the club remove the membership personal information from the website entirely.

Respectfully, Adam Logan

[sky...@gmail.com]

Thanks for noticing that and letting us know, Adam.

John Saltveit