Did you vote in a US election sometime this century? If so, your personal info may be out in the open.
Researcher Chris Vickery has discovered that a badly configured database exposed the voter registration info for 191 million Americans, including:
- party affiliations
- state voter IDs.
- Date of birth
- Date of registration
- Phone number
- Detailed voting history since 2000
- Fields for voter prediction scores
Vickery is the same security researcher who uncovered personal details of 13 Million MacKeeper users 15 days ago, which included names, email addresses, usernames, password hashes, IP addresses, phone numbers, and system information.
It’s not clear who originally managed the data, but Vickery and Databreaches.net are reaching out to everyone from online services to Congressional political action committees. The two are also contacting law enforcement in hopes of shutting down the leak, although it’s not certain that officials are taking action.
The consequences of this database falling into the wrong hands could be severe, as you might have guessed. Less-than-scrupulous marketers and political campaigns could exploit the data, and criminals could combine it with other info to commit fraud or theft. It’s a particularly big problem for people who need to keep their details secret, such as stalking victims and police. Beyond this, the leak illustrates the need for stricter, consistent security standards around voter data — while states like California and South Dakota have sharp limits on where records go and what they’re used for, other states (including Alaska, Arkansas and Colorado) have no real restrictions. There’s a real possibility that this kind of incident could happen again.