4.6 Million Voter Database & Election Documents Exposed Online

Cybersecurity researcher Jeremiah Fowler came across and reported to VpnMentor about 13 non-password-protected databases containing 4.6 million paperwork, together with sensitive voter data and election-associated paperwork.

This breach raises indispensable issues about knowledge protection and the safety of election systems within the US.

Discovery of the Breach

Jeremiah Fowler’s investigation began when he stumbled upon a non-password-protected database containing assorted paperwork such as vote casting data, ballottemplates, and voter registrations.

All physical addresses within the database looked as if it can per chance well well be from a single county in Illinois.

Fowler’s additional evaluation published that by simply replacing the county name within the database name layout, he would possibly per chance well title 13 open and publicly accessible databases and 15 that were no longer publicly accessible.

The uncovered databases contained .csv paperwork with lists of obtainable or stuffed with life voters, absentees, early mail-in vote casting data, and duplicate voters.

More alarmingly, some paperwork marked as “voter data” integrated compassionate private knowledge such as rotund names, physical addresses, email addresses, dates of delivery, Social Security Numbers (rotund and partial), and driver’s license numbers.

The database furthermore contained voter registration functions, loss of life certificates, replace of tackle data, and candidate paperwork with private contact particulars.

Instantaneous Actions and Responses

Upon identifying the dataset’s owner, Fowler suspected that multiple counties would possibly per chance well well be inadvertently exposing voter and election data. He came across that these counties had contracts with Platinum Technology Resource, which gives assorted election-associated companies.

Fowler sent a to blame disclosure watch to Platinum Technology Resource. Nevertheless, the database remained publicly accessible even after his preliminary picture.

Fowler then contacted Magenium, an Illinois-based abilities company to blame for the technical give a boost to of Platinum Election Products and companies. Following his to blame disclosure watch to Magenium, the databases were restricted.

A representative from Magenium confirmed the databases’ closure and that Platinum Election Products and companies modified into once responsive to the region.

It remains unknown how long the paperwork were uncovered or if anybody else gained entry, with best an within forensic audit in a position to identifying extra entry or suspicious speak.

Publicity to such sensitive knowledge poses indispensable risks past the political sphere. Criminals would possibly per chance well potentially use the info supposed for voter registration to commit identification theft and diverse kinds of fraud.

The uncovered knowledge would possibly per chance well furthermore be weak for centered social engineering attacks, voter intimidation, and disinformation campaigns.

To mitigate these risks, Fowler recommends that organizations managing sensitive paperwork use peculiar formats and names that are delicate to wager.

He furthermore suggests combining entry controls and encryption, such because the use of entry tokens to generate peculiar, time-restricted entry for authenticated users.

This near ensures that best approved users can entry or take into memoir the paperwork, limiting the doable of unauthorized entry. This incident underscores the serious importance of sturdy knowledge protection measures for election systems.

Declaring public belief within the electoral project is paramount, and any breach of sensitive voter knowledge can comprise far-reaching penalties.

Organizations handling such knowledge need to adopt best practices in cybersecurity to cease future exposures and offer protection to the integrity of the democratic project.