Oops!… They did it again. For what seems like the billionth time, U.S. voter records have been exposed, this time targeting Alaska. A cache of voter records containing the personal information of nearly 600,000 voters in Alaska was inadvertently exposed online. The culprit? An unsecured CouchDB database. And just, you know, a giant oversight. The cause of the hack was discovered by researchers at the Kromtech Security Research Center, who determined that the database of about 593,000 voters (that’s every registered voter in the state of Alaska) was accidentally configured for public access. That means it was just out there, floating in the breeze without any sort of password protection or security wall, making it accessible to anyone who knew where to look. No logging in, no verification, nada.
The exposed records contained the usual sensitive data of prospective voters including names, addresses, dates of birth, ethnicity, marital status and voting preferences. This time, though, it went deeper than that. They also contained extremely personal information such as household income, the age ranges of children, whether the person is a homeowner and stances on controversial issues such as climate change, gun control and tax reforms.
The voter database had been compiled by the leading broker of voter data TargetSmart, but appears to have been stored in a misconfigured online database by the marketing group Equals3 which purchased the list from TargetSmart.
“In this era of pervasive data-driven sales, marketing and operations, data is the raw material for successful businesses and political campaigns,” said Zohar Alon, co-founder and CEO, Dome9. “It is more important than ever to define strict controls and practices for the handling of sensitive data, especially when there are multiple vendors touching the data.”