Alleged voting records of millions of American citizens have been uploaded to the dark web on a site affiliated with a well-known cybercrime forum. Although the information is not particularly sensitive in its own right, its presence on the site shows that even easily obtainable personal data can be of interest to hackers. The datasets appear to include voters’ full names, dates of birth, the date they registered to vote, addresses, local school districts, and several other pieces of information. The dumps also include voting records from previous elections and political affiliations. The two largest files are 1.2 GB and 1 GB, respectively, and each contain at least a million entries. The folder containing the files is called “US_Voter_DB,” though Motherboard could not independently verify the contents’ legitimacy. It’s not entirely clear where the data was sourced from. On December 28 last year, news site CSO Online reported that a database configuration issue had left 191 million voter records exposed to the open internet. That data was discovered by security researcher Christopher Vickery, who found his own personal information within the dump.
But as DataBreaches.net notes, depending on the state, lists of voter registration information can also be obtained from the government, and combined with other datasets to build a more complete picture of a person’s life. Indeed, much of the data appears to be related to voters in Ohio, where voter records are made available online. DataBreaches.net told Motherboard in a Twitter message that “states need to be more protective of voter reg. data.”
While the data does not contain particularly sensitive data such as social security numbers or credit card information, it’s clearly still considered valuable.
A security researcher with knowledge of the underground data market told Motherboard hackers could potentially use the data for “mostly phishing and also the capacity for vengeful skids to dox people.”