- West Virginia corrections employees suspended after Nazi salute photo surfaces Thursday 8:02 PM
- Here are the 15 best Eddie Murphy movies available to stream Thursday 7:56 PM
- Ex-InfoWars video editor admits to making up Islamophobic stories Thursday 6:55 PM
- WhatsApp accounts deleted amid Kashmir internet blackout Thursday 6:21 PM
- Guy gets mocked for tattoo of Baby Yoda drinking White Claw Thursday 6:18 PM
- Spotify Wrapped has people asking just how much it knows about us Thursday 5:50 PM
- Instagram account allegedly asked for inappropriate photos of children Thursday 5:16 PM
- How to stream ‘Boys vs. Bears on Thursday Night Football Thursday 4:33 PM
- Woman caught her boyfriend cheating through his Fitbit Thursday 4:29 PM
- The Pete Buttigieg ‘High Hopes’ dance was designed by an intern Thursday 4:17 PM
- TikTok admits to hiding content made by fat, LGBTQ, and disabled users Thursday 3:58 PM
- ‘Merry Happy Whatever’ is an unoriginal sitcom with plenty of holiday cheer Thursday 3:55 PM
- The ‘Pod Save America’ Bros are losing it over Joe Biden’s newest ad Thursday 3:28 PM
- Van Halen had a wholesome response in defense of Billie Eilish Thursday 3:15 PM
- Influencer faces wrath of K-pop fans after her son played with penis-shaped soap Thursday 1:27 PM
Mexican authorities have begun criminal proceedings into a data theft incident said to affect more than 87 million registered voters.
Mexico’s National Electoral Institute (INE) filed a criminal complaint on Friday with the country’s election crimes office concerning millions of voter records discovered on a U.S.-based Amazon cloud server. The theft of the records, which includes names, addresses, phone numbers, dates of birth, and voting credentials of Mexican citizens, constitutes a “national offense,” according to INE Director Lorenzo Cordova Vianello.
It remains unclear how the database, which is confidential under federal law, wound up on a server in the United States.
The database’s existence was revealed on Friday by Chris Vickery, a white-hat security researcher employed by Austin-based antivirus software company MacKeeper. Vickery is responsible for identifying a misconfigured database in December that exposed the voting records and personal information of more than 191 million Americans.
The database containing Mexico’s voter records was shut down by Amazon early Friday morning after repeated complaints by Vickery, who had previously contacted the U.S. State Department, the U.S. Secret Service, and the U.S. Computer Emergency Readiness Team (US-CERT), a federal agency tasked with assessing cyberthreats against the nation, to no avail.
The identity of the culprit behind the leak remains a mystery, according to Dissent Doe, a pseudonymous blogger who routinely partners with Vickery on major cybersecurity scoops. In an interview on Doe’s website, DataBreaches.net, an INE spokesperson confirmed the veracity of the database.
“We started the investigation and legal actions, but we don’t have at the moment information to identify the persons involved,” the spokesperson said.
Vickery, who believes the records have been matched to a February 2015 electoral roll, said the Mexican government had access to the database for three days before Amazon shut it down. “I’m sure they downloaded a copy of it,” he said.
INE confirmed that the database originated with a person who had legal access to the records. The culprit is likely someone affiliated with one of the country’s nine political parties, they said. In fact, the agency may already be aware of which one.
According to Vickery, the voter lists distributed to the parties contain unique identifiers, such as bogus names hidden among the millions of authentic records. Without multiple copies of the database, identifying the false records would be like locating a needle in a haystack.
“Apparently, they’ve been able to identify which on the nine parties leaked it,” Vickery said. “They’re not saying who yet.”
Mexico has yet to receive Amazon’s cooperation, according to INE, who confirmed legal action had been taken “so that the corresponding authorities [can] help us to get more information.”
The spokesperson added that it was prepared to take steps to limit the personal information collected about voters, which had been a topic of discussion before the institute’s general council in past weeks. “There is a new agreement on the information related to personal data that is given in accordance [with] the law that will be discussed next week,” they said.
The Mexican government has invited Vickery to visit Mexico, the Daily Dot has learned, so that officials can explain to him how the security around its election system works. In an email to Vickery, a government official said it was “important to exchange points of view” and learn from his experience. Vickery said he was looking forward to visiting the country with his wife soon.
Update 4:30pm CT, Apr. 23: This article has been updated to include an additional quote from an INE spokesperson.
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.