Hackers have deleted a database of potential California voters with more than 19 million entries, demanding around $3,500 to restore it. Researchers at the security firm MacKeeper’s Kromtech research group first noticed the issue, but have not been able to identify the database’s owner to notify them. “We decided to go public to let everyone who was affected know,” said Bob Diachenko, head of communications for Kromtech. Kromtech primarily searches for misconfigured databases on cloud storage accounts that accidentally reveal private information to the public. In early December, they found a misconfigured database on an Amazon cloud account containing what appeared to be information on 19 million Californian citizens, including contact and mailing information as well as voting precinct information. But while the company was investigating the misconfigured files, they noticed the files were suddenly removed and replaced with a ransom note demanding 0.2 bitcoin, or about $3,500.
Cloud storage accounts do not inherently list their owners. Often times, researchers like Kromtech will use the information from the exposed files to find and contact whoever controls the account to correct the security settings.
Kromtech had only had a chance to download one precinct’s worth of data before the ransom note appeared and did not have enough information to figure out who owned the account. Diachenko said Kromtech had contacted California Secretary of State Alex Padilla, who had similarly little luck finding the account holder.