191 Million U.S. Voters' Personal Info Exposed by Misconfigured Database

Share it on Twitter  
Share it on Facebook  
Share it on Linked in  

Researcher Chris Vickery recently came across a database of 191,337,174 U.S. voter records available online, listing voters' full names, phone numbers, home addresses, mailing addresses, unique voter IDs, state voter IDs, genders, birthdates, registration dates, political affiliations, and voting histories since 2000, Salted Hash and DataBreaches.net report.

"My immediate reaction was disbelief," Vickery told Salted Hash. "I needed to know if this was real, so I quickly located the Texas records and ran a search for my own name. I was outraged at the result. Sitting right in front of my eyes, in a strange, random database I had found on the Internet, were details that could lead anyone straight to me. How could someone with 191 million such records be so careless?"

It's still not clear who owns the exposed database -- despite the fact that the data field labels seem to match those of NationBuilder, company product director Ben Handzo told DataBreaches.net that the IP address didn't match any of theirs.

"While the database is not ours, it is possible that some of the information it contains may have come from data we make available for free to campaigns," NationBuilder founder and CEO Jim Gilliam said in a statement published on December 28, 2015.

"From what we've seen, the voter information included is already publicly available from each state government so no new or private information was released in this database," Gilliam added.

Still, as Vickery noted in a Reddit post, "Our society has never had to confront the idea of all these records, all in one place, being available to anyone in the entire world for any purpose instantly. That's a hard pill to swallow."

And as one commenter wrote in response, "If you ever wanted to know why encryption is important, you are looking at it with this database."

As the evening of December 28, 2015, DataBreaches.net reports, the database is no longer publicly available.

In a similar disclosure earlier this month, Vickery reported that the SanrioTown website had exposed 3.3 million users' personal information, including that of 186,261 children under the age of 18.

Recent eSecurity Planet articles have looked at the top 10 encryption tools you should know, and offered advice on improving database security.