Donald Trump Donald John TrumpBubba Wallace to be driver of Michael Jordan, Denny Hamlin NASCAR team Graham: GOP will confirm Trump's Supreme Court nominee before the election Southwest Airlines, unions call for six-month extension of government aid MORE’s official website failed to secure sensitive documents until a few days ago, according to a security expert.

Chris Vickery, a security researcher at MacKeeper, wrote Wednesday on his company blog that until he notified the campaign, DonaldJTrump.com, had misconfigured settings on its Amazon cloud account, leaving files freely accessible for anybody wiling to look.

ADVERTISEMENT

"If you want to be Commander in Chief of the mightiest nation on planet Earth, you can’t have a leaky website. You just can’t," he wrote.

Essentially, the misconfiguration allowed anyone that already knew or could guess directories and file names to download files. Vickery found both — the Trump campaign used the common folder name “resumes” and easy to guess file names for that folder name (including “resume_1.pdf” and “resume2.docx”).

The 24 files Vickery found in that folder were resumes from would-be interns.

Vickery opted to notify the campaign rather than search for additional folders.

He had the administrator of the data breach news site databreaches.net contact the Trump campaign to apply the proper settings to the cloud server. Though the campaign fixed the settings, it did not acknowledge the security problem to the site.

“Ultimately this was an entirely avoidable mistake on the part of Trump’s tech staff. We’ll probably never know how bad the exposure really was or what other files I could have found. I have zero confidence that the campaign will be honest about that in whatever response they put out publicly (that’s if they do actually acknowledge the situation),” wrote Vickery.

“Let’s just hope that Donald’s team learned a good lesson here, and, if he is elected, that they are capable of guarding national assets better than their website’s assets.”

Misconfigured web services are a common security problem for websites. Vickery is known for hunting accidentally exposed information down.

Though Vickery contacts administrators to fix problems and does not propagate the data he finds, that does not mean he is always the first one to find them. Earlier this year, he found a list of information on 150 million voters that had already been accessed by Serbian hackers before he was able to contact the data brokerage that compiled it.