Lundi, 26 Juin 2017
Latest news
Main » Contractor mistakenly exposes 200M voters in GOP database

Contractor mistakenly exposes 200M voters in GOP database

20 Juin 2017

A folder containing 2016 data only included files for OH and Florida, two crucial battleground states. The leaky account was discovered by researcher Chris Vickery of the security firm UpGuard. It is unclear whether anyone else had accessed the files before they were secured on June 14.

"In terms of the disk space used, this is the biggest exposure I've found".

The voter files found by Vickery, he said, added up to "billions of data points" that, in the wrong hands, could easily be abused.

Vickery had previously discovered another publicly accessible database of 191 million voter records in 2015, using similar techniques.

The personal data of potential voters is incredibly useful to those running political campaigns and millions of dollars are spent on analyzing the information to help win presidential elections. UpGuard speculates that the folder may imply that the firm TargetPoint compiled and shared the data with Deep Root.

Data security firm UpGuard is bringing our attention to a very severe data exposure today. Gizmodo was first to report details of the data vulnerability Monday.

The Deep Root Analytics cloud server had 25 terabytes of data exposed, including 1.1 terabytes available for download.

Deep Root had all of this data because it was helping the Republican Nation Committee better target its 2016 campaign for the US Presidency.

Deep Root Analytics, a GOP-hired marketing and data analytics firm, confirmed to Gizmodo that it had amassed the leaked data from sources ranging from subreddits to the records of conservative super PACs.

According to UpGuard, the data provides insight into the workings of the RNC's $100 million data collection and analysis effort. Both the Republicans and Democrats gather enormous amounts of data (the Deep Root leak was at least a terabyte) on potential voters which help them direct their message.

In a statement to ZDNet, Deep Root cofounder Alex Lundry said a "number of files" on the server were accessed without the company's permission.

This is the third time Vickery has found a huge portion of the national voter registration database leaked online.

What is uncommon in this case is the size and scope of this exposure. Contained in the records is personal information and voter polling data associated with millions of registered USA voters.

"Media coverage hasn't impacted the numbers, ransomware is rampant, firewalls are being circumvented and secure defaults are being made insecure", says John Matherly, the creator of Shodan, a search engine that indexes internet-connected devices and can be used to find misconfigured databases. Other subreddits that appear to have been scraped by Deep Root or a partner organization focused on more benign topics, like mountain biking and the Spanish language. According to UpGuard, the data also included analysis of voters' stances on different policy issues-in one 50 GB database, voters were "scored with a decimal fraction between zero and one across forty-six columns" to represent how likely the voter was to agree with certain policy and belief statements, including clear statements like: "AmericaFirstForeignPolicy_agree", "FinancialServicesHarmful_agree", "FossilFuelsNeedToMoveAwayFrom", "LowerTaxes_agree", "PharmaCompsDoGreatDamage_agree", "RepealObamacare_agree", "NonReluctantDJTVoter", and "StopIllegalImmigration_agree".

Contractor mistakenly exposes 200M voters in GOP database