An RNC contractor exposed the voting records of 198 million Americans

Geronimo Vena
Giugno 20, 2017

The data that was accessed was, to the best of our knowledge this proprietary information as well as voter data that is publicly available and readily provided by state government offices.

The leak was discovered by Chris Vickery, an analyst at the USA cybersecurity firm UpGuard, who previous year discovered an enormous breach of Mexican voter data and in 2015 a 300GB leak of records of 191 million voters.

A further 24TB of data was also found in the S3 bucket, but it was protected against unauthorised access.

Discovered by an analyst with the cybersecurity company UpGuard, the data was stored on a publicly accessible Amazon server. Before going public with this exposure, Deep Root Analytics had time to secure their data and Vickery was able to alert the federal authorities.

"Currently downloading what is, basically, the home address of every Trump supporter,"Vickery tweeted on 12 June".

How could someone get access to all that information? This one has both breaches beaten by an additional 100 million voters, making it very likely the largest known exposure of voter information in history.

Read Gizmodo's report here, and Upguard's report here.

"We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked", says Deep Root.

Political data breaches aren't just for the DNC anymore: A GOP data firm has accidentally leaked personal information on nearly all of the 200 million registered voters it had access to.

Anyone could access the data as long as they had a link to it. The data fields included views on specific issues including abortion, gun rights and environmental issues, he said.

The file has been secured now for several days, Vickery said, adding that he informed law enforcement of the vulnerability after discovering it.

"They're using this information to create political dossiers on individuals that are now available for anyone", Jeffrey Chester, executive director of the Center for Digital Democracy, told the Post.

The database also contains files that may be from another data firm, TargetPoint, suggesting the two companies shared USA voter information. The RNC data was part of a costly effort to improve the party's data collection and analysis in the wake of the 2012 election.

According to Ad Age, the RNC spent $983,000 between January 2015 and November 2016 for Deep Root's services and $4.2 million for TargetPoint's. Of that, $6.2 million went to Data Trust, which has an exclusive list-sharing agreement with the national party. It makes it easier for politicians to win elections, companies to target advertisements, and other organizations to boost their own effectiveness.

Among the outside entities that participated in data swaps with Data Trust last cycle was i360, a rival operation financed by Freedom Partners, a nonprofit backed by the wealthy Koch brothers and other conservative donors.

UpGuard revealed that a misconfigured database made the personal information of 198 million US voters publicly available to anyone who went looking for it. The same factors that have resulted in thousands of previous data breaches-forgotten databases, third-party vendor risks, inappropriate permissions-combined with the RNC campaign operation to create a almost unprecedented data breach.

Altre relazioni OverNewsmagazine

Discuti questo articolo