Weaver Fundraising, LLC

On May 3, 2020, Weaver Fundraising, LLC (operating as Trail’s End) experienced a data breach when an unauthorized party intercepted network traffic to extract usernames and passwords for user accounts. The California Office of the Attorney General reported the incident on May 26, 2020. The breach compromised login credentials, though the exact number of affected individuals remains undisclosed. While the exposed data was limited to account access details (usernames/passwords), the incident highlights vulnerabilities in credential protection, potentially enabling follow-on attacks like account takeovers or phishing. No evidence suggests broader data exfiltration (e.g., financial or personal records beyond credentials), but the breach underscores risks tied to weak authentication practices and unencrypted network traffic. The company did not specify whether multi-factor authentication (MFA) was in place or if the stolen credentials were reused across other platforms.

Source: https://oag.ca.gov/ecrime/databreach/reports/sb24-190327

TPRM report: https://www.rankiteo.com/company/weaver-fundraising

"id": "wea759082025",
"linkid": "weaver-fundraising",
"type": "Breach",
"date": "5/2020",
"severity": "50",
"impact": "2",
"explanation": "Attack limited on finance or reputation"

{'affected_entities': [{'customers_affected': 'Unknown',
                        'industry': 'Fundraising',
                        'name': 'Weaver Fundraising, LLC d/b/a Trail’s End',
                        'type': 'Private Company'}],
 'attack_vector': 'Credential Theft (passwords pulled from network traffic)',
 'data_breach': {'data_exfiltration': 'Yes (passwords pulled from network '
                                      'traffic)',
                 'number_of_records_exposed': 'Unknown',
                 'personally_identifiable_information': 'No (only credentials)',
                 'sensitivity_of_data': 'Medium (credentials)',
                 'type_of_data_compromised': ['usernames', 'passwords']},
 'date_detected': '2020-05-03',
 'date_publicly_disclosed': '2020-05-26',
 'description': 'The California Office of the Attorney General reported a data '
                'breach involving Weaver Fundraising, LLC d/b/a Trail’s End on '
                'May 26, 2020. The breach occurred on May 3, 2020, when an '
                'unauthorized party accessed user accounts by pulling '
                'passwords from network traffic. The specific number of '
                'individuals affected is unknown, and the information '
                'compromised includes usernames and passwords used to access '
                'Trail’s End accounts.',
 'impact': {'data_compromised': ['usernames', 'passwords'],
            'identity_theft_risk': 'Potential (due to compromised '
                                   'credentials)'},
 'initial_access_broker': {'entry_point': 'Network traffic interception'},
 'references': [{'date_accessed': '2020-05-26',
                 'source': 'California Office of the Attorney General'}],
 'regulatory_compliance': {'regulatory_notifications': 'California Office of '
                                                       'the Attorney General'},
 'response': {'communication_strategy': 'Public disclosure via California '
                                        'Office of the Attorney General'},
 'threat_actor': 'Unauthorized party',
 'title': 'Data Breach at Weaver Fundraising, LLC d/b/a Trail’s End',
 'type': 'Data Breach'}

Weaver Fundraising, LLC

Grafana: Grafana GitHub Token Breach Led to Codebase Download and Extortion Attempt

Reqrea: Millions Of Hotel Guests' IDs Left Open Online In Massive Security Blunder

THORChain: More than $10 million stolen from crypto platform THORChain