Millions of services protect their databases with extra security layers to diminish the possibility of a data breach. For security devotees, it might be unimaginable that a database could be left bare, without any means of protection. Reliable sources from UpGuard’s Cyber Risk Team have now made official statements about a vulnerable cloud server, owned by the Deep Root Analytics.
Shockingly, the database was left open to the public eye as almost anyone had the chance to access it. In total, 1.1 terabytes of valuable personally-identifiable information about America’s 198 million registered voters was a sitting for the entire world to exploit.
The day 19th of June marks the first major data breach of this kind. There are no recorded exposures when so many personal details about voters would have been revealed. Of course, that does not mean that political information has never been compromised. However, such accidents are nothing to celebrate. You can ask: why did this incident occur? All we can say that a small, sloppy mistake was extremely significant.
The information about voters was uploaded in an Amazon Web Services S3 bucket storage account and the confidentiality of this data would have been protected if Deep Root Analytics had not made a reckless mistake of setting it in a public mode. To make matters even more severe, the data was available to be downloaded.
The expected data when the personal information became available is expected to be June 1, but security researchers explain that the settings might have been set wrong even before that. From the publicly-disclosed information, it is clear that the information, sorted by the supporters of the Trump campaign, classified voters according to different traits. The spreadsheets contained names, dates of birth, home and mailing addresses, phone numbers, registered parties, self-reported racial demographic, voter registration status and even whether they are on the federal “Do Not Call” list.
Company that uploaded this information, hired by Republican National Committee (RNC), admitted their mistake and took full responsibility for the exposure of sensitive information. After Vickery found the defenseless database, it did not take long for the appropriate services to prevent it from being public. Of course, not anyone would have been able to stumble upon this information even before.
For those who could have got their hand on the unprotected information, it would have been eye-opening to see the way political parties attempt to discover which voters will potentially vote for a specific candidate. Information about people’s personal lives, their living conditions, family, political opinion are all combined to create a profile for a specific person.
Source: upguard.com
