- The Washington Times - Thursday, June 23, 2016

A voter database containing personal details pertaining to 154 million Americans was publicly accessible on the internet for at least two months and may have been accessed from abroad, a security researcher said Thursday.

Among the sensitive information included in the exposed database were names, addresses and political affiliations in addition to an undisclosed number of records containing email addresses and Facebook profiles, as well as whether or not the person owned a gun, Daily Dot reported.

Chris Vickery of MacKeeper Security Research said he stumbled upon the sensitive cache recently after discovering that a database was being hosted by Google on the internet without any safeguards in place to restrict access, such as requiring a username and password.

Mr. Vickery said he was able to determine that the records traced back to a data brokerage company named L2, and contacted them on Tuesday this week to disclose his discovery. Within hours, the exposed database was taken offline.

“The client told us that they were hacked, the firewall was taken down and then the probing began,” the company’s CEO, Bruce Willsie, told the researcher.

“This was an old copy (from about a year ago) of the national file and it had only a very small number of our standard fields,” he added. “I’ve asked that they report back to us with their findings and their plan for hardening their system in the future.”

Over the course of conducting his independent security audit, however, Mr. Vickery said he learned that the database had been accessed by an internet address in Serbia more than two months earlier on April 11.

Although logs seen by the security researcher indicated someone with an Internet Protocol (IP) address in Serbia had already accessed the files, he acknowledged that the individual may have disguised his or her location.

“Why was a Serbian IP messing around with a U.S. voter database? Even if this was just a proxy server it is still very troubling that this apparent incursion took place back on April 11th,” he wrote on the MacKeeper blog Thursday.

In December, Mr. Vickery announced he had discovered two other publicly exposed voter databases containing a total of more than 240 million records. CSO Online reported at the time that the smaller of the two troves contained more than 18 million records composed of user-specific information, including categories for gun ownership and religious affiliation.

Databases containing unique statistics such as those are often used by organizations to reach out to individuals based off of specialized interests, but could also prove invaluable if in the wrong hands.

“This data could also be used by large organizations to target people of interest (that never asked to be targeted) for let’s say political contributions (if they are known to contribute), same with religious organization, etc. Or to target [people] with negative campaigns as well,” information security specialist Khalil Sehnaoui told CSO in January.


Copyright © 2018 The Washington Times, LLC. Click here for reprint permission.

The Washington Times Comment Policy

The Washington Times welcomes your comments on Spot.im, our third-party provider. Please read our Comment Policy before commenting.

 

Click to Read More and View Comments

Click to Hide