Various Trump businesses’ email servers use 13-year-old software whose manufacturer no longer issues security updates for them.

Put simply, that means Donald Trump has left lots of would-be private information accessible to nearly anyone with a basic understanding of computers.

“Running outdated software and operating systems for your publicly facing email infrastructure is problematic, especially when you’re a high profile organisation,” security architect Kevin Beaumont, who first noticed the problem and posted about it on Twitter, told Motherboard on Monday.

For a candidate so focused on the cyber-security practices of his opponent, Hillary Clinton, Trump’s glaring web vulnerabilities are surprising.

Microsoft no longer issues security updates for the operating system the Trump Organization’s email servers use—first released in 2003—and in 2015 the company ended tech support services for the operating system. An official webpage for the software urges its users: “Migration is worth it!”

“If you are still running Windows Server 2003 in your datacenter, you need to take steps now to plan and execute a migration strategy to protect your infrastructure,” the site says.

The operating system came bundled with IIS 6.0, a webserver software that similarly has not been supported since 2015, and that Beaumont told Motherboard is “particularly dangerous” to run without security updates.

In September, a security researcher for the MacKeeper software company also found a vulnerability in Trump’s campaign website which left intern resumes and other information open to view on the internet.

Responding to Motherboard’s story, a Trump Organization spokesperson said: “The Trump Organization deploys best in class firewall and anti-vulnerability technology with constant 24/7 monitoring. Our infrastructure is vast and leverages multiple platforms which are consistently monitored and upgraded using current cyber security best practices.”