Personal data of 191 million registered American voters leaked

Spread the love

A database containing the details of 191 million registered voters in the United States is accessible to anyone who knows the host’s IP address. The database contains information such as names, addresses, telephone numbers and whether and when voters voted or not.

The data breach was reported to Databreaches.net researcher Chris Vickery, who also recently uncovered the data breach of 3.3 million Hello Kitty fans. The leak is believed to have been caused by a configuration error. The database contains the data that voters must provide when they register to vote. In addition to names, addresses, telephone numbers and a log of voting behaviour, the database also contains dates of birth, gender, ethnicity, any party affiliation, e-mail addresses and more. The database contains no financial data, social security numbers, or information about who the voter has voted for in the past. The entire file would be 300GB in size and may contain the data of every registered US voter, Forbes writes. The date range of the data is from the year 2000 to early 2014, according to an analysis by CSO Online.

Research by CSO Online and Datareaches.net would indicate that the data originated from NationBuilder. This would be apparent from the structure of the database. NationBuilder is a company that can be hired to support presidential election campaigns, among other things, with things like websites, fundraisers, email advertising campaigns, and free voter data. The company in turn obtains voter data from the various American states, which impose different conditions and restrictions on it and charge money for it. However, the company denies that it is responsible for the leaked database. Thus, the responsibility may lie with a currently unknown NationBuilder client.

Although the data is checked and provided subject to conditions to parties who pay for it, it is now possible that the data is in the hands of unknown and malicious parties. For example, people trying to pull phishing scams on US citizens can use the data much more effectively. Vickery has, among other things, notified the FBI of the leak. On Monday, the database was still accessible.

Image: Datareaches.net

You might also like