Misconfigured Database Exposes Details of 191 Million Voters

[steven36]

A misconfigured database whose owner has yet to be identified exposes the personal details of 191 million U.S. voters, researcher Chris Vickery has warned.

 

The database containing the records of more than 191 million individuals, totaling over 300 gigabytes of information, includes names, gender data, home addresses, mailing addresses, phone numbers, dates of birth, party affiliations, and other details dating back to 2000.

 

Vickery and others have searched the database for their own records and found that the details stored in it are accurate. Another concerning aspect is that the publicly accessible database also includes the records of police officers.

 

Fortunately, social security numbers and driver’s license numbers are not affected. However, the leaked information still poses serious security and privacy risks.

The researcher has identified dozens of leaky databases over the past month and he has done his best to contact impacted organizations. However, in this case, tracking down the operator of the database appears to be a difficult task.

 

Vickery has been assisted by DataBreaches.net and Steve Ragan of Salted Hash in trying to identify the entity responsible for the database, but they haven’t had any success and the database is still online. DataBreaches.net and Ragan have contacted a congressman’s political action committee (PAC) and several political data firms, including Political Data, L2 Political, Aristotle, NGP VAN and Catalist.

 

Based on the format of the exposed data, the main suspect appears to be NationBuilder, a platform used by political campaigns worldwide. However, the company told DataBreaches.net that the database’s IP address is not theirs and it’s not associated with any of their hosted clients.

 

In 2012, NationBuilder announced its intention to compile a free nationwide voter file database containing 170 million accurate records. The service currently boasts over 190 million U.S. voters.

 

DataBreaches.net has reached out to both the FBI and the California Attorney General’s Office, but it’s unclear what steps these organizations have taken to identify the owner of the database and to address the issue.

 

Vickery’s research has focused on Amazon AWS S3 buckets and MongoDB databases. However, in this case, the expert told SecurityWeek that he is not disclosing any details until the database is secured.

 

In the United States, each state decides what information to include in voted databases, sets restrictions for the use of the database, and determines the cost of the database.

 

While in many states there are no restrictions on how voter data can be used, there are some states that allow use only for political or election purposes, while others strictly prohibit commercial use.

 

Other Leaky Databases

Vickery has identified dozens of poorly configured database management systems that at one point exposed more than 30 million credentials. The list of leaky databases identified by the expert are associated with MacKeeper, Hello Kitty owner Sanrio, Alliance Health, Uncle Maddio’s Pizza Joint, OkHello, Slingo and many others.

 

The expert informed SecurityWeek over the weekend that AARP, previously known as the American Association of Retired Persons, operates a database that exposes the details of 1.4 million accounts associated with people who signed up on AARP’s Life Reimagined website.

 

Vickery said he contacted AARP on December 19, but the issue still hasn’t been addressed. AARP has not responded to SecurityWeek’s request for comment by the time of publication.

 

Source

[Petrovic]

No organization will take responsibility for the database that includes 191 million voter registration records.

 

Security researcher Chris Vickery has discovered a database of 190 million US voters "sitting on the web," but cannot identify what organization created the database.

 

The records contain "names, home addresses, phone numbers, dates of birth, party affiliations, and logs of whether or not they had voted in primary or general elections," according to a report at Forbes. Vickery and reporters at CSO and DataBreaches.net have contacted NationBuilder, Catalist, Political Data, Aristotle, L2 Political, and NGP VAN and all disavow the files.

 

Full Article

 

via http://www.darkreading.com/

[Ballistic Gelatin]

Probably came from Hillary Clinton's 'leaky' personal server....

[straycat19]

Already posted yesterday

 

http://www.nsaneforums.com/topic/258762-misconfigured-database-exposes-details-of-191-million-voters/

 

[dMog]

just a copy of all the voters who will NOT vote for trump