Slashdot Mirror

← Back to Stories (view on slashdot.org)

198 Million Americans Hit By 'Largest Ever' Voter Records Leak (zdnet.com)

Posted by msmash on from the how-about-that dept.

Political data gathered on more than 198 million US citizens was exposed this month after a marketing firm contracted by the Republican National Committee stored internal documents on a publicly accessible Amazon server, reports say. From a ZDNet article: It's believed to be the largest ever known exposure of voter information to date. The various databases containing 198 million records on American voters from all political parties were found stored on an open Amazon S3 storage server owned by a Republican data analytics firm, Deep Root Analytics. UpGuard cyber risk analyst Chris Vickery, who found the exposed server, verified the data. Through his responsible disclosure, the server was secured late last week, and prior to publication. This leak shines a spotlight on the Republicans' multi-million dollar effort to better target potential voters by utilizing big data. The move largely a response to the successes of the Barack Obama campaign in 2008, thought to have been the first data-driven campaign. Further reading: Republican Data-Mining Firm Exposed Personal Information for Virtually Every American Voter - The Intercept; The RNC Files: Inside the Largest US Voter Data Leak - Upguard; Data on 198M voters exposed by GOP contractor Data On 198M Voters Exposed By GOP Contractor - The Hill.

5 of 119 comments (clear)

  1. Misleading title by chispito · · Score: 2, Interesting
    There's no indication that it was accessed prior to disclosure, so it may or may not have been, strictly speaking, "leaked." I'd be interested in exactly what kind of data this is, as I'm struggling to think of who I would want to have marketing info on me less than one of the Big Two political parties.

    From TFA

    We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked," he said.

    --
    The Daddy casts sleep on the Baby. The Baby resists!
    1. Re:Misleading title by deadwill69 · · Score: 2, Interesting

      And how would anyone need to hack a system with no username and/or password:

      "What UpGuard appears to have discovered, sitting on an Amazon cloud storage drive with no password or username required for access by anyone on the internet,"
      https://theintercept.com/2017/...

      I don't think anyone needs to hack that to get it.

    2. Re:Misleading title by evolutionary · · Score: 3, Interesting

      "Leak" (not "leaked" as is deliberately published) was use to indicate something like a leaky faucet. There is a relatively formal term in the IT security field called "data leakage" which means sensitive data creeping outside of company/owner boundries without the intent of the owner Whether it be through casual email, carelessly posting files to a public server for at home convenience, or sending out files into a public space without encryption/password. The new buzzword for this rapid growing field of data loss (or leakage) prevention is DLP. (Data Loss Prevention)

      What the article is saying is the firm was as careless with their collected data as many people are when posting on facebook. It didn't even have to be "hacked" it was wide open. BTW, the claim that to the best of their knowledge only one person has accessed that data is a pretty lame response. The fact that the data was publicaly exposed for anyone to see at all shows amateur level of negligence.

      People with this mass amount of data should have better protocols for data exchange of authorized parties (obviously).

      There could well be legal repercussions from this because who you vote for is the most sacred form of privacy in a democracy. This compromises people's ability to vote without possible retaliation from friends, colleagues, employers or even governments. This is a seriously BIG deal. When your voting preferences cannot be kept private, you can't vote freely. I personally believe everyone should vote, but if you voting records are up for grabs in cyberspace, anyone could be pressure you. Hopefully people will stop foolishly giving their voting data or political preferences to marketing firms directly or indirectly. There is being friendly, then there is being careless.

      --
      "Imagination is more important than knowledge" - Einstein
  2. Re: "Leak" by Anonymous Coward · · Score: 1, Interesting

    It contained info on religion, political persuasions, issues that you care about, etc.

    Well... rather it contained their guesses about religion, political persuasions, issues, etc. There's no prohibition against making such guesses about someone. They are probably as you say basing it on donation records, social media scraping, and other voluntary disclosures by individuals.

    I was also curious to see what they thought of me, but as you say it appears there was no leak.

  3. I fail to see the importance of the data by Lucas123 · · Score: 1, Interesting

    The data is relatively common and something you can find in any census or online "white pages," with perhaps the exception of the political party you're registered with. How is this information sensitive in nature?