A security researcher with a knack for uncovering data breaches says he’s discovered a trove of information including names, addresses, phone numbers, and dates of birth for more than 191 million U.S. voters on a publicly available server.
Researcher Chris Vickery says the database, which appears to be stored on a server accidentally configured to be accessible to the public, doesn’t contain information like Social Security numbers or driver’s license numbers, according to a Monday post on DataBreaches.net1, an anonymously published watchdog site that frequently shares his findings. The database lists whether voters are registered with a particular party but not how they’ve actually voted in particular elections.
Vickery has previously reported millions of accounts’ worth of data mistakenly stored in publicly accessible databases by insurance claim management software company Systema Software2, security software firm Kromtech3, HIV-positive dating app Hzone4 and a Hello Kitty fan community5.
He told Fast Company last week that he’s reported about two dozen such leaks to companies since this summer, often finding unlocked database servers through the search engine Shodan6, which lets users search for services running on particular ports.
Vickery and DataBreaches.net say they’ve been unable to locate the owner of the vulnerable server in order to have the database taken down, “despite countless hours” of effort contacting political consulting firms who could be connected. They say they’ve also reported the server to the FBI and to the California Attorney General’s Office, since the database includes records from that state.
Security columnist Steve Ragan also wrote Monday7 that he was unable to track down the origin of the data, despite contacting a number of political organizations.
The apparent leak follows a data dispute earlier this month between the Hillary Clinton and Bernie Sanders presidential campaigns, after Democratic National Committee officials accused Sanders campaign workers of improperly taking advantage of a malfunction in a shared voter database8 to access confidential information stored by the Clinton campaign. The Sanders campaign has since fired the staffer said responsible for the breach.
Many states do provide some access to their voter data but generally limit its use and distribution to protect voter confidentiality, according to DataBreaches.net.
The site’s editor, who writes under the name Dissent, urged readers Monday to lobby their elected officials for stronger restrictions.
“It s too easy to upload a database with all of our contact details, our date of birth, and our political affiliations and voting history to the Internet where anyone can grab it,” the DataBreaches editor wrote. “Tweet them a link to this article with #ProtectMyPrivacy.”
Get the latest Fast Company stories in your inbox daily
References
- ^ according to a Monday post on DataBreaches.net (www.databreaches.net)
- ^ insurance claim management software company Systema Software (www.modernhealthcare.com)
- ^ security software firm Kromtech (krebsonsecurity.com)
- ^ HIV-positive dating app Hzone (www.csoonline.com)
- ^ Hello Kitty fan community (www.fastcompany.com)
- ^ Shodan (www.shodan.io)
- ^ wrote Monday (www.csoonline.com)
- ^ advantage of a malfunction in a shared voter database (www.cbsnews.com)
The post Data on 191 Million U.S.
Voters Was Leaked Online, Says Security … appeared first on News4Security.