Database with 191m US voters sitting in the open

Ugh, here's some unpleasant news for all Americans interested in keeping their private data private.

A couple of security researchers have found detailed voter records of 191 million voters in the United States. It is hard to confirm if all of the data is correct and updated, but the researchers found their own records and have confirmed them to be valid.

Security researcher Chris Vickery, who's been drawing a lot of attention to himself lately with the exposing of MongoDB unprotected data, first stumbled upon the data. Later, with the help of senior staff writer at CSO Online, Steve Ragan, it was confirmed that the data was unprotected, sitting in the open, and valid.

“That's when Vickery sent me my personal voter record from the database. It was current based on the elections listed,” Ragan wrote. “My personal information was accurate too. Vickery discovered his own record as well,” he added.

The records held some intimidating information: a voter's full name (first, middle, last), their home address, mailing address, a unique voter ID, state voter ID, gender, date of birth, date of registration, phone number, a yes/no field for if the number is on the national do-not-call list, political affiliation, and a detailed voting history since 2000. In addition, the database contains fields for voter prediction scores.

The worst part about the story is that no political data firm admits to be the owner of the database.

The following firms were contacted by Salted Hash for this story: Catalist, Political Data, Aristotle, L2 Political, and NGP VAN. Databreaches.net reached out to Nation Builder. Speaking to Dissent, Nation Builder said that the IP address hosting the database wasn't one of theirs, and it wasn't an IP address for any of their hosted clients.

At the time this piece was written, the database was still live, and it is still unknown who owns it.

Topics

usa