Database with 154 million US voter records left wide open

By

Contained sensitive, personally identifiable data.

A large database containing sensitive information on 154 million United States voters was left wide open on the internet, with third parties overseas accessing the data.

Database with 154 million US voter records left wide open
Source: Chris Vickery.

MacKeeper security researcher Chris Vickery said he discovered a CouchDB instance hosted in the Google cloud, that was configured for public access with no user authentication whatsoever required.

Vickery deduced from the record naming scheme that the database originated from information brokerage L2.

When contacted by Vickery, L2 said the database was copied from a client of the company. 

"The client told us that they were hacked, the firewall was taken down and then the probing began," L2 chief executive Bruce Willsie told Vickery.

Willsie did not name the client responsible for the data breach. The L2 chief executive said the database was a year-old copy of the company's national file, and contained "only a small number of our standard fields".

Besides voters' addresses and phone numbers, the database contained fields with records of their ethnicity, gun ownership, whether or not they're anti-abortion, have children, and if they opposed marriage equality or not.

Vickery also queried the server's log file and discovered that a computer with an internet protocol address allocated to a network with an address in Serbia had accessed the database in April this year.

The database has been taken down after Vickery reported the breach.

Got a news tip for our journalists? Share it with us anonymously here.
Copyright © iTnews.com.au . All rights reserved.
Tags:
privacysecurity

Sponsored Whitepapers

Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Datacom + Microsoft Azure: Turn Ideas Into Impact in Just 4 Weeks
Protect APIs. Protect Your Business.
Protect APIs. Protect Your Business.
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
KnowBe4 Benchmark Report: Reducing Human Risk & Phishing Vulnerability in ANZ
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Modern Identity for SAP and Beyond: Replace SAP IDM with Saviynt
Saviynt Simplifies GRC and Access Control for SAP and Beyond
Saviynt Simplifies GRC and Access Control for SAP and Beyond

Events

Most Read Articles

Qantas facing 'significant' data theft after cyber attack

Qantas facing 'significant' data theft after cyber attack
Ex-student charged over Western Sydney University cyberattacks

Ex-student charged over Western Sydney University cyberattacks
Home Affairs officer accessed data on "friends and associates"

Home Affairs officer accessed data on "friends and associates"
SA Water plans 'once-in-a-generation' core technology uplift

SA Water plans 'once-in-a-generation' core technology uplift
techpartner.news logo
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Dave Stevens on Brennan's evolution and the need for Aussie tech unity
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
Sydney's ITKnocks on contact centre AI and the slow death of the IVR
"It's an exciting time to be part of the health and aged care sector"
"It's an exciting time to be part of the health and aged care sector"
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Insicon founder Matt Miller on the coming 'tsunami' of compliance and educating boards about cyber security
Orro claims Australia first with managed digital asset discovery service
Orro claims Australia first with managed digital asset discovery service

Log In

  |  Forgot your password?