Nearly 600,000 records on Alaskan voters were left unsecured on the web, accessible to anyone who knew where to look without any form of logging in.
Each record contained names, addresses, voting preferences, dates of birth, marital status and ethnicity and some contained information like gun ownership, children's ages and issues a campaign might try to appeal to.
The information was ultimately exposed through a misconfigured database.
The voter database was originally compiled by TargetSmart, a leading broker of voter data, but appears to have been stored in a misconfigured online database by the marketing group Equals3 which purchased the list from TargetSmart.
Equals3 held the data in a misconfigured CouchDB database, leaving it without security controls.
TargetSmart is best known for its work as a contractor for the Democratic National Committee, but has also worked with businesses including NBC news. According to its website, TargetSmart’s national VoterBase database contains 191 million voters and 58 million unregistered voters.
“Thousands of campaigns each year rely on the unparalleled accuracy of VoterBase data to power their fundraising, research, and voter contact programs,” reads the site.
Equals3 advertises itself as an artificial-intelligence-based service to help target marketing campaigns offering “sophisticated market research, complicated audience establishment, and flawless media plans.”
Misconfigured databases are a common way information is exposed to the web.
The database was secured and later pulled offline Monday, according to ZDNet.