IT security researchers at Kromtech Security Center discovered an unprotected database exposed online due to misconfiguration of CouchDB containing nearly 600,000 records belonging to Alaskan voters. “The exposed data is a larger voter file called Voterbase compiled by TargetSmart, a leader in national voting databases that contains the contact and voting information of more than 191 million voters and 58 million unregistered, voting age consumers,” said researchers. The database with 593,328 records was available to the public for anyone to download without any security or login credentials. Each record contained names, date of birth, addresses, voting preferences, marital status, income details, children’s age, gun ownership related data and points which might help decide what issue the voter might be appealed to. TargetSmart CEO Tom Bonier blamed a third-party firm for the incident and told ZDNetthat “We’ve learned that Equals3, an AI software company based in Minnesota, appears to have failed to secure some of their data and some data they license from TargetSmart and that a database of approximately 593,000 Alaska voters appears to have been inadvertently exposed.”
He also claimed that the exposed database was not accessed by anyone else other than the researchers who discovered it and TargetSmart’s team. “None of the exposed TargetSmart data included any personally identifiable, non-public financial data,” Bonier said.
In an email conversation, Rich Campagna, CEO at Bitglass told HackRead “It doesn’t take much for outsiders – malicious or not – to find unsecured data stores such as the one that housed the voter records on over a half-million Americans. Where data is publicly accessible because of accidental upload or misconfiguration of a database like CouchDB, outsiders don’t need a password or the ability to crack complex encryption to get at sensitive information.
Full Article: Alaska Voter Database Exposed Online.