
I'd think it's far more likely that GiveSendGo doesn't have the most sophisticated and well-maintained tech stack and an exploit was easily found by hacktivists engaging in defacement and doxxing.



It was an open S3 bucket linked from the source code of the Freedom Convoy's donation page:

https://techcrunch.com/2022/02/08/ottawa-trucker-freedom-con...


The TechCrunch article is much more informative.

Not only was this S3 public for reading, but it sounds like you could create & update as well since 2018. It contained "50 gigabytes of files, including passports and driver licenses".

Per the TechCrunch article:

> It’s not known for exactly how long the bucket was left exposed, but a text file left behind by an unnamed security researcher, dated September 2018, warned that the bucket was “not properly configured” which can have “dangerous security implications.”


Let’s put it in the cloud, man. Everybody’s doing it!


An open S3 bucket is a huge red flag that this feels state manufactured. Most people aligned with this protest probably possess the technical chops to know to do better.


> An open S3 bucket is a huge red flag that this feels state manufactured.

I suspect both Occam and Hanlon would disagree.



