- Bella Thorne claims Tana Mongeau ‘broke girl code’ in a series of messy tweets Thursday 7:00 PM
- Redditors keep this data engineer’s plants alive for him Thursday 5:20 PM
- Professor writes article defending ‘Asian romantic preference’—and no one is here for it Thursday 4:57 PM
- Ditch Pornhub and support adult content creators instead Thursday 4:46 PM
- Fans grieve Kyoto Animation Studio fire with #PrayforKyoAni Thursday 4:18 PM
- Netflix’s ‘Secret Obsession’ isn’t just terrible—it’s boring as hell Thursday 3:30 PM
- Instagram expands experiment of hiding likes to 6 more countries Thursday 3:20 PM
- Man asks woman to stop speaking Spanish on a plane—and bystanders start speaking Spanish Thursday 12:55 PM
- Schumer calls on FBI, FTC to investigate FaceApp Thursday 12:41 PM
- Netflix loses subscribers—but hopes some tentpole shows can save it Thursday 12:10 PM
- Man utterly roasted for saying women can’t ask for equality in revealing clothing Thursday 12:07 PM
- Instagram struggles to remove photos of Bianca Devins’ dead body Thursday 11:14 AM
- ‘Storm Area 51’ creator says its gotten so big he’s worried about the FBI Thursday 10:49 AM
- Everyone loves Q baby, the baby who apparently supports QAnon Thursday 9:53 AM
- Thread about ‘depression meals’ is inspiring lots of relatable answers Thursday 9:36 AM
Mexico launches criminal probe into theft of 87 million voter records
The source of the leak may already be known.
Mexican authorities have begun criminal proceedings into a data theft incident said to affect more than 87 million registered voters.
Mexico’s National Electoral Institute (INE) filed a criminal complaint on Friday with the country’s election crimes office concerning millions of voter records discovered on a U.S.-based Amazon cloud server. The theft of the records, which includes names, addresses, phone numbers, dates of birth, and voting credentials of Mexican citizens, constitutes a “national offense,” according to INE Director Lorenzo Cordova Vianello.
It remains unclear how the database, which is confidential under federal law, wound up on a server in the United States.
The database’s existence was revealed on Friday by Chris Vickery, a white-hat security researcher employed by Austin-based antivirus software company MacKeeper. Vickery is responsible for identifying a misconfigured database in December that exposed the voting records and personal information of more than 191 million Americans.
The database containing Mexico’s voter records was shut down by Amazon early Friday morning after repeated complaints by Vickery, who had previously contacted the U.S. State Department, the U.S. Secret Service, and the U.S. Computer Emergency Readiness Team (US-CERT), a federal agency tasked with assessing cyberthreats against the nation, to no avail.
The identity of the culprit behind the leak remains a mystery, according to Dissent Doe, a pseudonymous blogger who routinely partners with Vickery on major cybersecurity scoops. In an interview on Doe’s website, DataBreaches.net, an INE spokesperson confirmed the veracity of the database.
“We started the investigation and legal actions, but we don’t have at the moment information to identify the persons involved,” the spokesperson said.
Vickery, who believes the records have been matched to a February 2015 electoral roll, said the Mexican government had access to the database for three days before Amazon shut it down. “I’m sure they downloaded a copy of it,” he said.
INE confirmed that the database originated with a person who had legal access to the records. The culprit is likely someone affiliated with one of the country’s nine political parties, they said. In fact, the agency may already be aware of which one.
According to Vickery, the voter lists distributed to the parties contain unique identifiers, such as bogus names hidden among the millions of authentic records. Without multiple copies of the database, identifying the false records would be like locating a needle in a haystack.
“Apparently, they’ve been able to identify which on the nine parties leaked it,” Vickery said. “They’re not saying who yet.”
Mexico has yet to receive Amazon’s cooperation, according to INE, who confirmed legal action had been taken “so that the corresponding authorities [can] help us to get more information.”
The spokesperson added that it was prepared to take steps to limit the personal information collected about voters, which had been a topic of discussion before the institute’s general council in past weeks. “There is a new agreement on the information related to personal data that is given in accordance [with] the law that will be discussed next week,” they said.
The Mexican government has invited Vickery to visit Mexico, the Daily Dot has learned, so that officials can explain to him how the security around its election system works. In an email to Vickery, a government official said it was “important to exchange points of view” and learn from his experience. Vickery said he was looking forward to visiting the country with his wife soon.
Update 4:30pm CT, Apr. 23: This article has been updated to include an additional quote from an INE spokesperson.
Dell Cameron was a reporter at the Daily Dot who covered security and politics. In 2015, he revealed the existence of an American hacker on the U.S. government's terrorist watchlist. He is a co-author of the Sabu Files, an award-nominated investigation into the FBI's use of cyber-informants. He became a staff writer at Gizmodo in 2017.