BREAKING NEWS: A misconfigured database has led to the exposure of approximately 191 million voter records, which include sensitive information such as full names, addresses, unique voter IDs, birth dates, and phone numbers.
This alarming discovery was made on December 20th by Chris Vickery, a noted white-hat hacker, who found that the personal identifying information (PII) of millions of American voters was openly accessible online, raising serious cybersecurity concerns.
Vickery, previously known for exposing the personal details of 13 million users of MacKeeper, was taken aback when he discovered that his own data was also included in the database. He has since reached out to DataBreaches.net, sharing comprehensive details about this significant breach.
The database in question holds around 300GB of information, consisting of extensive voter records. These records encompass various types of data, including individuals’ full names, residential and mailing addresses, unique and state voter IDs, gender, dates of birth and registration, phone numbers, political affiliations, and even detailed voting histories dating back to 2000.
Interestingly, while Vickery confirmed the accuracy of the information by checking it against the data of local police officers, he also noted some fortunate omissions. The breached database does not contain Social Security Numbers, driver license numbers, or any financial data, but the mass of exposed information still poses a significant threat to personal privacy and cybersecurity.
Despite the severity of the breach, no organization has stepped forward to claim responsibility for the exposed database. Vickery, along with representatives from CSO and DataBreaches.net, contacted several political technology firms and known voter information companies, only to be met with denials regarding any connection to the database.
In addition, Vickery and DataBreaches.net approached the FBI and the Internet Crime Complaint Center for assistance, although it remains uncertain how soon measures will be taken to mitigate the risks associated with this data exposure. The lack of accountability raises pressing questions about data management practices and security in the voter information sector.
This incident exemplifies potential lapses in cybersecurity that could be framed through the lens of the MITRE ATT&CK Matrix. Relevant tactics and techniques may include initial access methodologies such as system misconfigurations, which can provide adversaries with unauthorized opportunities to exploit vulnerabilities. The ramifications of such breaches underscore the necessity for robust protective strategies to safeguard sensitive voter information and preempt similar incidents in the future.
