The voter information for approximately 35 million US citizens is being peddled on a popular hacking forum, two threat intelligence firms have discovered. “To our knowledge this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data,” said researchers from Anomali Labs and Intel471, the two companies who spotted the forum ad. The two companies said they’ve reviewed a sample of the database records and determined the data to be valid with a “high degree of confidence.” Researchers say the data contains details such as full name, phone numbers, physical addresses, voting history, and other voting-related information. It is worth noting that some states consider this data public and offer it for download for free, but not all states have this policy.
… The seller revealed the voter records count for only three of the databases –Louisiana (3 million), Wisconsin (6 million), and Texas (14 million)– totaling 23 million records. He is asking for $42,200 for all 19 databases.
“We estimate that the entire contents of the breach could exceed 35 million records,” said Anomali Labs researchers.
Users commenting on the forum suggested this might be the data that was leaked in the Robocent incident in June, but the person who’s selling the voter data claimed that “data is refreshed each Monday of every week,” suggesting that he either still has access to the compromised servers or a way to receive these updates through other means.
Full Article: US voter records from 19 states sold on hacking forum | ZDNet.