If you've voted in a US election at some point in the last 15 years, there's a high chance that your personal details are now out in the wild. Security researcher Chris Vickery found a misconfigured database that exposes the details of no less than 191 million US voters.
The discovery was made a little over a week ago, and includes the names, addresses, phone numbers, email addresses, state voter IDs, and party affiliations of people registered to vote since the year 2000. The amount of detail contained in the database gives real cause for concern, and Vickery was shocked to find his own details were easily accessible due to a database misconfiguration.
DataBreaches.net -- which has seen the data collected by Vickery -- says it includes valuable data that could easily be matched up with information from other databases to show whether a voter is a gun owner, what their religious persuasion is, and how they have voted in the past. The site also reveals how the private details of a police officer who has no publicly listed phone numbers or addresses found his data in the list.
At the moment it is unclear who is responsible for the database mishap, but there is an investigation underway by Vickery, DataBreaches.net, and Steve Ragan of Salted Hash. There is some comfort to be gleaned from the fact that social security numbers and driving license details have not been exposed, but there is no getting away from the fact that this is a serious issue.
Speaking to Ragan, Vickery said:
My immediate reaction was disbelief. I needed to know if this was real, so I quickly located the Texas records and ran a search for my own name. I was outraged at the result. Sitting right in front of my eyes, in a strange, random database I had found on the Internet, were details that could lead anyone straight to me. How could someone with 191 million such records be so careless?
What is especially concerning is that the exposed database remains online, and there is no way to know whether the data has fallen into the wrong hands or has already been abused. The California Attorney General’s Office as well as FBI NY field office and IC3 have all been contacted, but there are currently no updates about any progress that has been made in securing the databases.
For now, we'll leave the final word to Ragan -- but hopefully there will be positive news to update this article with soon:
Because the information Vickery discovered is in a database available to anyone on the Internet who knows how to find it, it's essentially unrestricted data.
Photo credit: Niyazz / Shutterstock