- Man delighted to find 30-year-old computer still works Sunday 5:32 PM
- Report: Google used shell companies to build data centers, obtain tax breaks Sunday 3:38 PM
- Grammy winner Kacey Musgraves spoiled ‘RuPaul’s Drag Race All Stars 4’ Sunday 2:24 PM
- Conservatives feel vindicated by new developments in Jussie Smollett case (updated) Sunday 12:19 PM
- Don Cheadle made important fashion choices on ‘SNL’ Sunday 9:47 AM
- Why the Twitter left loves to dunk on Max Boot Sunday 6:30 AM
- How to watch ‘Last Week Tonight with John Oliver’ online for free Sunday 6:30 AM
- How to stream Francis Ngannou vs. Cain Velasquez for free Sunday 6:00 AM
- How to stream the 2019 Daytona 500 for free Sunday 5:50 AM
- 7-year-old YouTuber to get his own show on Nickelodeon Saturday 5:30 PM
- ‘Hipster’ jobs are trending, and Indeed says the market is booming Saturday 3:33 PM
- Trump meme removed after copyright complaint Saturday 2:15 PM
- Facebook pushes back against moderators complaining about ‘Big Brother’ environment Saturday 12:46 PM
- Twitter hid post from an account linked to Iran’s Supreme Leader Saturday 10:17 AM
- How to stream Leo Santa Cruz vs. Rafael Rivera for free Saturday 8:00 AM
Full names, phone numbers, addresses, party affiliations, and more.
The voter information of more than 191 million Americans—including full names, dates of birth, home addresses, and more—was exposed online for anyone who knew the right IP address.
The misconfigured database, which was reportedly shut down at around 7pm ET Monday night, was discovered by security researcher Chris Vickery. Less than two weeks ago, Vickery also exposed a flaw in MacKeeper’s database, similarly exposing 13 million customer records.
“Don’t let anyone try to dismiss this as, ‘Oh, it’s just mostly public records.’”
According to researchers, the voter database contained voters’ names (first, middle, and last), home addresses, mailing addresses, phone numbers, dates of birth, sex, ethnicity, party affiliation, and whether the person voted in primary or general elections.
It did not, however, include Social Security numbers, driver’s licenses numbers, or any financial records, according to sources with firsthand knowledge of the dataset. An “almost-complete” screenshot of a voter record, which was redacted to protect the voter’s identity, reveals dozens of field entries containing an array of personal information.
In total, the leaky database contained more than 191,337,170 records, which dated as far back as 2000.
Its existence was first reported by Dissent, the pseudo-anonymous blogger at DataBreaches.net, and information-security journalist Steve Ragan. Both Vickery and Ragan confirmed locating their own personal data among the records. Vickery reportedly responded with outrage. “How could someone with 191 million such records be so careless?” he asked Ragan.
Attempting to locate the source, Ragan reached out to more than a half-dozen political firms, including Catalist, Political Data, Aristotle, and L2 Political. Each denied ownership of the IP address on which the database was found.
After noticing a few of the data field labels appeared to be proprietary, Vickery and Dissent reached out to NationBuilder, a company formerly overseen by Joe Green, an entrepreneur who years prior launched Causes.com, along with former Facebook president Sean Parker.
NationBuilder likewise denied ownership of the “inadvertently accessible” database in a statement on Monday, but added, nevertheless, it may correlate with data it gave freely to campaigns.
“We do not provide access to anyone for non-political purposes or that would violate any state’s laws.”
“While the database is not ours, it is possible that some of the information it contains may have come from data we make available for free to campaigns,” said CEO Jim Gilliam, of the database found by Vickery. “From what we’ve seen, the voter information included is already publicly available from each state government so no new or private information was released in this database.”
Added Gilliam: “We strongly believe in making voter information more accessible to political campaigns and advocacy groups, so we provide cleaned versions of that publicly accessible information to them for free. We do not provide access to anyone for non-political purposes or that would violate any state’s laws.”
“Don’t let anyone try to dismiss this as, ‘Oh, it’s just mostly public records,’” Dissent told the Daily Dot on Monday. In the wrong hands, she said, the database could put at risk law enforcement officers, domestic abuse victims, and employees whose bosses are staunchly partisan.
“Some voter information needs to be public record for accountability and to keep elections honest,” Dissent added, “but maybe party affiliation shouldn’t be part of state voter registration anymore. Let people sign up with parties separately and let the parties keep their own lists.”
Both Dissent and Vickery reached out to the California Attorney General’s Office for assistance, since California voters are among those exposed, as well as federal law enforcement.
Citing a policy intended to preserve the integrity of investigations, a spokesperson for Attorney General Kamala Harris would neither confirm nor deny her office was looking into the database. The Federal Bureau of Investigation declined to comment as well.
Dissent said she believes the database should catalyze a debate over whether there should be new rules about posting voting lists online. “One state, South Dakota, prohibits it,” she said. “Maybe the other states should follow their lead on that.”
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.