Database error leaves 150 million voter records exposed online

Database error leaves 150 million voter records exposed online
© Getty

 

More than 150 million U.S. voter records were available publicly due to a misconfigured database, a data firm confirmed Wednesday — the second such accidental exposure of voter data in six months.

The records were compiled by the voter information brokerage L2, but were not leaked by L2. Chris Vickery, a security researcher at MacKeeper, said the data was being hosted on a Google cloud account. The data has since been taken down. 

“When I called L2, I told them that someone was giving their data away for free,” said Vickery. “They were pretty quickly able to tell who the client was.”

ADVERTISEMENT
Visible data included names, addresses, political preferences, and opinions on issues including same-sex marriage and gun control. In total, there were 326 gigabytes of sensitive data improperly being handled online.

L2 said the voter information was not current — about a year old — and that the unnamed client exposing the information claimed his account had been hacked. 

Vickery said he doubts it was a hack, and believes it is more likely the problem was a common user error.

The data was in the open because the database program being used, CouchDB, was not properly set to keep the information secure. Improperly setting up these databases is not uncommon.

 Vickery said anyone with technical know-how can search the internet for exposed databases. 

He said regularly finds open databases and advises the companies who post them to increase their security. He discovered a similar database of 191 million U.S. voter records in December.

“The problem is that these are powerful tools that are easy to misuse in a dangerous way if you don’t know what you’re doing,” said Vickery. “You can’t just use a chainsaw.”