- Thousands of Uber users have reported sexual assaults, company says Friday 5:40 PM
- ‘Astronomy Club’ reformats the sketch show Friday 4:58 PM
- Trump is concerned America’s toilets too weak Friday 3:53 PM
- Twitter users claim Billie Eilish is ‘over’ because she didn’t like Lady Gaga’s meat dress Friday 2:53 PM
- Nikki Haley says the Confederate flag was fine until Dylann Roof ‘hijacked’ it Friday 2:49 PM
- How emotional labor discourse spawned multiple memes Friday 2:22 PM
- Video of YouTuber Onision threatening ex-girlfriend resurfaces Friday 2:03 PM
- Marianne Williamson embraces anti-vax stance on Facebook Friday 1:58 PM
- Peloton Husband is worried memes will have ‘repercussions’ for his career Friday 1:55 PM
- ‘The Mandalorian’ stumbles as it returns to a familiar planet Friday 1:47 PM
- The best app controlled Christmas lights for the holidays Friday 1:04 PM
- Go green and save green with solar-powered Christmas lights Friday 1:02 PM
- Bloomberg on diversity in 2020 race: ‘Don’t complain to me’ Friday 12:40 PM
- Midge flaunts the worst side of herself in ‘Marvelous Mrs. Maisel’ season 3 Friday 12:17 PM
- Social media companies continue to fail to police fake behavior, study finds Friday 10:44 AM
Mexican authorities have begun criminal proceedings into a data theft incident said to affect more than 87 million registered voters.
Mexico’s National Electoral Institute (INE) filed a criminal complaint on Friday with the country’s election crimes office concerning millions of voter records discovered on a U.S.-based Amazon cloud server. The theft of the records, which includes names, addresses, phone numbers, dates of birth, and voting credentials of Mexican citizens, constitutes a “national offense,” according to INE Director Lorenzo Cordova Vianello.
It remains unclear how the database, which is confidential under federal law, wound up on a server in the United States.
The database’s existence was revealed on Friday by Chris Vickery, a white-hat security researcher employed by Austin-based antivirus software company MacKeeper. Vickery is responsible for identifying a misconfigured database in December that exposed the voting records and personal information of more than 191 million Americans.
The database containing Mexico’s voter records was shut down by Amazon early Friday morning after repeated complaints by Vickery, who had previously contacted the U.S. State Department, the U.S. Secret Service, and the U.S. Computer Emergency Readiness Team (US-CERT), a federal agency tasked with assessing cyberthreats against the nation, to no avail.
The identity of the culprit behind the leak remains a mystery, according to Dissent Doe, a pseudonymous blogger who routinely partners with Vickery on major cybersecurity scoops. In an interview on Doe’s website, DataBreaches.net, an INE spokesperson confirmed the veracity of the database.
“We started the investigation and legal actions, but we don’t have at the moment information to identify the persons involved,” the spokesperson said.
Vickery, who believes the records have been matched to a February 2015 electoral roll, said the Mexican government had access to the database for three days before Amazon shut it down. “I’m sure they downloaded a copy of it,” he said.
INE confirmed that the database originated with a person who had legal access to the records. The culprit is likely someone affiliated with one of the country’s nine political parties, they said. In fact, the agency may already be aware of which one.
According to Vickery, the voter lists distributed to the parties contain unique identifiers, such as bogus names hidden among the millions of authentic records. Without multiple copies of the database, identifying the false records would be like locating a needle in a haystack.
“Apparently, they’ve been able to identify which on the nine parties leaked it,” Vickery said. “They’re not saying who yet.”
Mexico has yet to receive Amazon’s cooperation, according to INE, who confirmed legal action had been taken “so that the corresponding authorities [can] help us to get more information.”
The spokesperson added that it was prepared to take steps to limit the personal information collected about voters, which had been a topic of discussion before the institute’s general council in past weeks. “There is a new agreement on the information related to personal data that is given in accordance [with] the law that will be discussed next week,” they said.
The Mexican government has invited Vickery to visit Mexico, the Daily Dot has learned, so that officials can explain to him how the security around its election system works. In an email to Vickery, a government official said it was “important to exchange points of view” and learn from his experience. Vickery said he was looking forward to visiting the country with his wife soon.
Update 4:30pm CT, Apr. 23: This article has been updated to include an additional quote from an INE spokesperson.
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.