We've seen boat loads of personal info dumps online in the last year, but none as bizarre as this: A discovery of personal data from millions of Americans who've voted since 2000, found by a researcher in a sloppily configured database. In other words, it was just hanging out on the web. For unknown reasons. And we have no idea who put it there.
Chris Vickery, an independent researcher and hacker, made the discovery and shared it with DataBreaches.net. He's the same guy who earlier this month discovered that a Hello Kitty database breach exposed over three million community users' personal data, most likely including the information of children.
This mysterious voter database contains a mix of voters' personal and public information including phone numbers, home addresses, party affiliations, email addresses, full names, ethnicity, gender and age. Luckily, Social Security numbers, driver's licence numbers and sensitive financial data were not exposed.
This time, Vickery found his own info in the database, and reporters at Forbes, CSO Online, and DataBreaches.net found personal info of their own, too. No one's claimed the database, though. CSO reached out to political tech firms like Catalist, Political Data, Aristotle, L2 Political, and NGP VAN, who all denied the database (still online) is theirs.
In the US, voter records are public information, and individual state laws usually govern how information from a state's voter list may be used. For example, political campaigns can mine the lists for for targeted mailings.
In this odd case, it seems someone must have collected loads of records from different places and then synthesised into one central database. Why? We may never know.
Top image: Shutterstock