Posted on 12/28/2015 5:10:41 PM PST by knak
If you have voted in a US election recently, there's a good chance your personal information is included in a trove of voter data found on a publicly available Web server.
A misconfigured database has exposed the personal information on more than 191 million US voter records, according to Chris Vickery, a security researcher who made the discovery and shared his findings with Databreaches.net for a story published Monday. The database contains information required for voter registration -- including names, home addresses, date of birth and home phone numbers -- as well as voting history since 2000.
By comparison, the US Census Bureau found that 142.2 million US citizens were registered to vote in 2014 (PDF).
Vickery told Databreaches.net he confirmed the data's authenticity by locating his own information. Thankfully, the trove of data did not include Social Security numbers, driver's license numbers or financial information. Political affiliation and participation in primaries and elections is included, but information on individuals' voting choices does not seem to appear.
It wasn't immediately clear who the database belongs to. Vickery attempted to identify the server's owner through records stored on the Web server but was unsuccessful. Databreaches.net said it contacted the FBI and the attorney general of California, one of the few states that restrict what data may be disclosed.
"When one of their attorneys asked, 'Well how much data are we talking about?' and I read her the list of data fields and told her that we had access to voter records of over 17 million California voters, her response was 'Wow,' and she promptly forwarded the matter to the head of their e-crime division," according to a blog post by DataBreaches.net.
The FBI and the California Attorney General's Office did not respond to requests for comment.
The voter information is just the latest data discovered sitting openly viewable on the Internet and easily accessible with the click of a mouse. Last week, Vickery discovered the unprotected usernames, email addresses and password hints of up to 3.3 million users of SanrioTown.com, designed for fans of Sanrio characters like Hello Kitty. Earlier this month, Vickery also discovered a security hole that exposed the usernames, email addresses and other personal information for 13 million users of MacKeeper, a suite of software that claims to make Macs more secure.
Voter registration lists are public record in most states, but many have restrictions on how the data may be used. In California, voter registration cards are confidential and can only be accessed under certain circumstances. In South Dakota, those requesting access to voter data must confirm that the information "may not be used or sold for any commercial purpose and may not be placed for unrestricted access on the Internet."
The exposed data could be valuable in an issues-oriented campaign. It also poses a threat to voters' privacy and safety in the wrong hands, according to one police officer quoted by Databreaches.net. The officer, who viewed accurate information about himself in the Web server's data, said he intentionally keeps his address and phone number off the Internet to protect himself and his family.
"I deal with criminals every day who know my name. The thought of some vindictive criminal being able to go to this site and get my address makes me uncomfortable," he told the site. "I'm also annoyed that people can get my voting record. Whether I vote Republican or Democratic should be my private business."
WOW! Just wow!
H1B visas and outsourcing..
H1B visas and outsourcing..
Greeeeat. :/
Voting history?
Good one!
Well, that's a relief.
This is the record of whether you voted in any given primary or general election. This is public information. How you voted is not.
“It wasn’t immediately clear who the database belongs to....”
Correctly: “It wasn’t immediately clear which government agency that the database belongs to....”
And lots of it likely doctored extensively.
It is my understanding that it is entirely legal to fire someone because they are Republican.
I remember the incompetence of the Carter years, and that was nothing compare to what I’m seeing now.
To hell with my voting history my date of birth is info I don’t give out.
Yes. Voted in 2008 general in person. Voted in 2010 primary by absentee. Etc.
Run this database versus the Chicago death certificates.
Voter registrations are public records and anyone can get them. You can get a list for a couple dollars from any county in the country. This is stupid.
bflr
Disclaimer: Opinions posted on Free Republic are those of the individual posters and do not necessarily represent the opinion of Free Republic or its management. All materials posted herein are protected by copyright law and the exemption for fair use of copyrighted works.