Perhaps you voted in the 2014 Elections with the hope that your vote is a secret and confidential. Possibly you provided your personal information such as your residential address and many more. Alternatively, you even provided your date of birth and phone numbers. Imagine what could happen if the above data was compromised and leaked. This would mean that any stranger would know your full names, where you stay and they can even call you for whatever reason it may be.
What has happened?
A misconfigured database has exposed a big number of voter’s information. This database was discovered on the 20th of December and it contained information such as voters’ full names, home addresses, unique voters IDs, date of births and phone numbers. The data record of 191 million voters was sitting openly viewable on the internet and easily accessible by anyone that has an interest to get it. The data was not hidden at all and there were no security features put in place to make the data less accessible. This is shocking as Voters Records ought to be protected and kept tight even when the voting period is over. Anyone could pull out the data and use it to their advantage just by ‘surfing’ IoT.
Who discovered the data?
The person who easily came across this data is none other than Chris Vickery. He is the white hat hacker who was able to access over 191 Million Americans’ personal identifying information that were collected during elections and election registration campaigns by running queries in Shodan. Chris Vickery is also the same Security Researcher who discovered 13 Million MacKeeper users’ information two weeks ago. This information also consisted of usernames, passwords, IP addresses, names, hashes system information and phone numbers. He seems to be very good at retrieving data, but wait until you hear why the recent discovery shocked him!
Is the 191 million US voter’s info real?
The Information that was discovered is very real and this has shocked Chris Vickery. He was so curious that he pulled out his own data and found that everything in the database about him is true and correct. As if this was not enough, he went further and pulled out data of police officers in his city and indeed he could confirm that the information was all correct. The 300 GB database contained a long list of voters’ information such as full name, residential address, unique voters ID, registration date, phone number, political affiliation, a detailed voting history and many more. This is indeed shocking and worrisome as anyone can know what party you belong to, where you live, who you are and steal your identity with ease. Worse is that no one is willing to take ownership of the database.
Various Political Tech Groups were contacted and they all denied ever knowing about this database. The FBI and Internet Crime Complaint Center were all approached. We hope whoever is responsible will take ownership soon and put security measures in place!