Monday, December 28, 2015

191 Million US Voter Registration Records Leaked In Mystery Database. Government incompetence or political list of enemies.

191 Million US Voter Registration Records Leaked In Mystery Database

A whitehat hacker has uncovered a database sitting on the Web containing various pieces of personal information related to 191 million American citizens registered to vote. On top of the concomitant problems of disclosing such a significant leak to that many people, no one knows who is actually responsible for the misconfiguration that left the data open to anyone.

Researcher Chris Vickery, who this month found myriad databases left open to all and sundry, told FORBES he has his hands on all 300GB of voter data, which includes names, home addresses, phone numbers, dates of birth, party affiliations, and logs of whether or not they had voted in primary or general elections. The data appears to date back to 2000. It does not contain financial data or social security numbers.

Vickery looked up his own information in the database table covering Texas and confirmed it was all accurate. Reporters from CSO and DataBreaches.net did the same. Vickery also looked up several police officers in his city and confirmed the information was correct.
Finally, I gave Vickery my parents’ surname and home town in the United States. He found them in the database in a matter of minutes. It would appear every registered US voter is included in the leak.
But their various attempts to disclose the breach to the right party were close to fruitless. DataBreaches.net and Vickery chased NationBuilder, a service that sets up digital campaigns for political parties. They believed certain markers in the database pointed to a NationBuilder-designed database. A NationBuilder spokesperson told DataBreaches.net that the IP address linked to the leaked database was not one of theirs, and the IP address was not related to any of their hosted clients. It could be that a non-hosted NationBuilder customer was responsible for the misconfiguration.

No one has taken responsibility for the leak. CSO contacted other political tech groups – Catalist, Political Data, Aristotle, L2 Political, and NGP VAN – and all denied the database belonged to them. The FBI New York field office and Internet Crime Complaint Center were contacted by DataBreaches.net and Vickery too. The FBI had not offered comment to FORBES at the time of publication.
That this kind of information is open to anyone might not alarm at first glance. Much of the data is publicly available across states as campaigners seek to home in on certain demographics. But some charge thousands of dollars for the pleasure. Many also place restrictions on the use of the information for commercial purposes.
Right now, thanks to someone’s carelessness, it’s free to anyone who can find what Vickery did. That means anyone in the world can find out where a person in the US lives and what political beliefs they may have. If they can find the database, scammers and marketing folk alike will likely benefit most.

No comments: