We’ve seen boat loads of personal info dumps online in the last year, but none as bizarre as this: A discovery of personal data from millions of Americans who’ve voted since 2000, found by a researcher and sitting in a sloppily configured database. In other words, it was just hanging out on the web. For unknown reasons. And we have no idea who put it there.
Chris Vickery, an independent researcher and hacker, made the discovery and shared it with DataBreaches.net. He’s the same guy who earlier this month discovered that a Hello Kitty database breach exposed over 3 million community users’ personal data, most likely including the information of children.
This mysterious voter database contains a mix of voters’ personal and public information including Phone numbers, home addresses, party affiliations, email addresses, full names, ethnicity, gender, and age. Luckily, though, Social Security numbers, driver’s license numbers and sensitive financial data were not exposed.
This time, Vickery found his own info in the database, and reporters at Forbes, CSO Online, and DataBreaches.net found personal info of their own, too. No one’s claimed the database, though. CSO reached out to political tech firms like Catalist, Political Data, Aristotle, L2 Political, and NGP VAN, who all denied the database (still online) is theirs.
Voter records are public information, and individual state laws usually govern how information from a state’s voter list may be used. For example, political campaigns can mine the lists for targeted mailings.
In this odd case, it seems someone must have collected loads of records from different places and then synthesized into one central database. That information is all public, but having it concentrated in one place could be an identity thief’s dream. Why’d someone do this? We may never know.
Top image: Shutterstock