A large database containing sensitive information on 154 million United States voters was left wide open on the internet, with third parties overseas accessing the data.
MacKeeper security researcher Chris Vickery said he discovered a CouchDB instance hosted in the Google cloud, that was configured for public access with no user authentication whatsoever required.
Vickery deduced from the record naming scheme that the database originated from information brokerage L2.
When contacted by Vickery, L2 said the database was copied from a client of the company.
"The client told us that they were hacked, the firewall was taken down and then the probing began," L2 chief executive Bruce Willsie told Vickery.
Willsie did not name the client responsible for the data breach. The L2 chief executive said the database was a year-old copy of the company's national file, and contained "only a small number of our standard fields".
Besides voters' addresses and phone numbers, the database contained fields with records of their ethnicity, gun ownership, whether or not they're anti-abortion, have children, and if they opposed marriage equality or not.
Vickery also queried the server's log file and discovered that a computer with an internet protocol address allocated to a network with an address in Serbia had accessed the database in April this year.
The database has been taken down after Vickery reported the breach.