us voter - Online Cyber Security News

Database of Over 198 Million U.S. Voters Left Exposed On Unsecured Server

Monday, June 19, 2017 Swati Khandelwal

Information on more than 198 Million United States citizens, that's over 60% of the US population, was exposed in what's believed to be the largest ever known exposure of voter-related to date.

This blunder was caused by Deep Root Analytics (DRA), a data analytics firm employed by the US Republican National Committee (RNC), who "mistakenly" left sensitive personal details of more than 198 million US voters exposed on an unsecured Amazon S3 server.

Chris Vickery, a security researcher at UpGuard, who discovered the exposed database said anyone could have downloaded more than a Terabytes of files containing voters data without the need for any password from the Amazon S3 server maintained by DRA.

Vickery is the same security researcher who discovered over 191 million voter records stored in an unsecured database in late 2015. In April, Vickey also reported information on 93 million Mexican voters.

Vickery discovered the exposed databases on June 12, which included uniquely identified data on each voter, including their first and last name, date of birth, phone number, home and mailing address, party affiliation, voter registration data, and ethnicity, along with a flag should the person appear on the federal Do-Not-Call registry.

Deep Root Analytics, which is a big data analytics firm that helps advertisers identify audiences for political ads, confirmed to the Gizmodo in a statement on Monday, saying "We take full responsibility for this situation."

However, the server was secured two days later after Vickery responsibly reported the blunder to the federal regulators.

You would be surprised to know that the Republican National Committee paid Deep Root nearly a Million dollars between January 2015 and November 2016 for their work during the election and another $4.2 Million to TargetPoint.

It is believed that the US voters data was also compiled by at least two other contractors, TargetPoint Consulting Inc. and Data Trust.

According to the report, a smaller folder for the 2016 election included in the database contained files for Ohio and Florida, arguably the two most crucial battleground states.

Another folder named 'data_trust' appears to reference Data Trust, was entirely downloadable by any individual accessing the URL of the database and contained two massive stores of personal information collectively representing 198 million potential voters.

"Consisting primarily of two file repositories, a 256 GB folder for the 2008 presidential election and a 233 GB folder for 2012, each containing fifty-one files - one for every state, as well as the District of Columbia," explained UpGuard's Dan O'Sullivan in a blog post.

Also, one folder called "Post-Elect 2016" contained information on voters’ likely views about topics like whether they voted for former President Barack Obama and US President Donald Trump’s "America First" foreign policy.

Deep Root has contracted a security firm, Stroz Friedberg, to perform a thorough investigation of the data exposure.

191 Million US Voters' Personal Info Exposed by Misconfigured Database

Monday, December 28, 2015 Swati Khandelwal

BREAKING: A misconfigured database has resulted in the exposure of around 191 Million voter records including voters' full names, their home addresses, unique voter IDs, date of births and phone numbers.

The database was discovered on December 20th by Chris Vickery, a white hat hacker, who was able to access over 191 Million Americans’ personal identifying information (PII) that are just sitting in the public to be found by anyone looking for it.

Vickery is the same security researcher who uncovered personal details of 13 Million MacKeeper users two weeks ago, which included names, email addresses, usernames, password hashes, IP addresses, phone numbers, and system information.

However, the recent discovery made him shocked when he saw his own information in the database, according to DataBreaches.net, whom the researcher contacted and provided all the details about his finding.

300GB Trove of Voters' Information Leaked

Vickery has his hands on all 300GB of database contains a long list of voter records including:

Full name (first, middle, last)
Residential address
Mailing address
A unique voter ID
State voter ID
Gender
Date of birth
Date of registration
Phone number
Political affiliation
A detailed voting history since 2000
Fields for voter prediction scores

Not just his own, but Vickery also looked up a number of police officers in his city and confirmed the information was all correct. Reporters from CSO and DataBreaches.net also did the same and upheld the accuracy as well.

Fortunately, the database doesn't contain Social Security Numbers, driver license numbers, or any financial data, but it's still a massive amount of data when it comes to protecting users privacy and security.

What's even more Shocking?

The crazy part of the data breach is no one is taking responsibility for the exposed database.

Vickery, CSO and DataBreaches.net contacted various political tech groups and known voter information companies, but all denied the database belonged to them.

The FBI and Internet Crime Complaint Center were all approached by Vickery and DataBreaches.net; so let’s now see how long this information remains alive and accessible for anyone to see.