Misconfigured database exposes sensitive data for 154 million US voters

A new US voter database leak has exposed the addresses, estimated income, ethnicity, phone numbers, political affiliation, and voting history of 154 million Americans.

Some records went further, noting the political beliefs, children, gun ownership, and Facebook profiles.

The new breach is just the latest in a string of election-year dumps of voter databases: 191 million records exposed in late December 2015; then 56 million more in early January.

This breach, discovered by MacKeeper's Chris Vickery, seems have originated with a customer of L2, "a company specializing in voter data utilization. At fault is a misconfigured Couchdb instance on Amazon's cloud servers.

The voter information breaches are the result of a confluence of several factors: increasingly data-driven electioneering that has created a market for these fine-grained databases; the post-Citizens United reality of Super PACs popping up and vanishing faster than anyone can keep track of, buying up lists and then abandoning them when their causes, funders or candidates fall away; the intrinsic problems of information security, which demands that defenders make no mistakes and only asks that attackers find a single error in the defense; surveillance capitalism and its ability to gather dossiers on people at mass-scale through their everyday internet use, especially via the mobile internet and social media; and the inherent copy-ability of voter databases, which contain enough information to compromise hundreds of millions of people in files that can be transferred in just a few minutes.

It's not just the USA; as Dissent Doe — who has been on this story for some time — points out, mass-scale voter database breaches have hit the Philippines, Russia, Mexico, and Turkey, all in 2016.

Vickery promptly emailed L2 to explain the situation and then spoke with them by phone. They recognized the database as likely being one of their clients', noting that were very few clients big enough to have a national database like that and they should be able to track the source down.

Within three hours of their phone call, the database was secured. L2's CEO Bruce Willsie confirmed that to Vickery, thanking him for finding the problem and for bringing it to L2 so that they could respond.

Noting that their unnamed national client had taken the site down quickly upon notification from L2, Willsie stated that the client told L2 that they were hacked and the firewall had been taken down. The client was now conducting their own research to determine the extent of the incursion.

154 million voter records exposed, revealing gun ownership, Facebook profiles, and more
[Dissent Doe/Daily Dot]

(via /.)