This blunder was caused by Deep Root Analytics (DRA), a data analytics firm employed by the US Republican National Committee (RNC), which "mistakenly" left sensitive personal details of more than 198 million US voters exposed on an unsecured Amazon S3 server.
Chris Vickery, a security researcher at UpGuard who discovered the exposed database, said anyone could have downloaded more than a terabyte of files containing voter data from the Amazon S3 server maintained by DRA without needing any password.
Vickery is the same security researcher who discovered over 191 million voter records stored in an unsecured database in late 2015. In April, Vickery also reported information on 93 million Mexican voters.
Deep Root Analytics, a big data analytics firm that helps advertisers identify audiences for political ads, confirmed the exposure to Gizmodo in a statement on Monday, saying "We take full responsibility for this situation."
The server was secured two days later, after Vickery responsibly reported the blunder to federal regulators.
You would be surprised to know that the Republican National Committee paid Deep Root nearly a million dollars between January 2015 and November 2016 for its work during the election and another $4.2 million to TargetPoint.
It is believed that the US voter data was also compiled by at least two other contractors, TargetPoint Consulting Inc. and Data Trust.
According to the report, a smaller folder for the 2016 election included in the database contained files for Ohio and Florida, arguably the two most crucial battleground states.
Another folder named 'data_trust', which appears to reference Data Trust, was entirely downloadable by anyone accessing the URL of the database and contained two massive stores of personal information collectively representing 198 million potential voters.
"Consisting primarily of two file repositories, a 256 GB folder for the 2008 presidential election and a 233 GB folder for 2012, each containing fifty-one files - one for every state, as well as the District of Columbia," explained UpGuard's Dan O'Sullivan in a blog post.
Also, one folder called "Post-Elect 2016" contained information on voters' likely positions, such as whether they voted for former President Barack Obama and their views on US President Donald Trump's "America First" foreign policy.
Deep Root has contracted a security firm, Stroz Friedberg, to perform a thorough investigation of the data exposure.