There has been a data leak at The Corbett Report. One of the latest updates of the GiveWP WordPress plugin “accidentally” started publishing the email addresses and usernames of some (but not all) Corbett Report users to the source code of the site. The plugin has been deactivated and the email addresses are no longer exposed, but the email addresses were already caught by the spambots. Tens of thousands of websites use this plugin and I was able to personally verify a number of websites where this was happening..
