Misconfigured Database Exposes Data of 191 Million Voters

In what could be one of the largest database leaks ever, a massive database containing some 191 million voter records is in the wild and completely accessible, without anyone taking any ownership for it.

Independent researcher Chris Vickery stumbled upon a massive database containing the records of nearly 200 million American voters. Upon sharing his findings with Databreaches.net, a search ensued to find the owner of the database, with no leads, as reported by CSOonline.

When Vickery contacted Salted Hash, a popular cybersecurity blog housed under CSOonline, the researcher was able to contact the author of the blog with his personal voter record, neatly preserved in the database. It certainly proved the authenticity of the data contained in the database.

As the one to first discover and reveal the presence of the database to the mainstream eye, Vickery was asked what his reaction was when he discovered his own record in the database.

My immediate reaction was disbelief.

I needed to know if this was real, so I quickly located the Texas records and ran a search for my own name. I was outraged at the result. Sitting right in front of my eyes, in a strange, random database I had found on the Internet, were details that could lead anyone straight to me. How could someone with 191 million such records be so careless?

The details contained in the database are:

  • Voter’s full name. (That’s first, middle and last name, in its entirety.)
  • Home address
  • Mailing address
  • Unique voter ID
  • State voter ID
  • Gender
  • Date of birth
  • Date of registration
  • Phone number
  • A yes/no field if the number is on the do-not-call list.
  • Political affiliation
  • A detailed voting history all the way from 2000

While the database does not contain Social Security Numbers nor important identification records such as driver license details, it still exposes plenty.

The staggering public reveal of the database is certain to have opportunistic data miners and marketers come looking. While the researcher and CSOonline reached out to a number of firms who may be responsible for owning the database, nobody has claimed the database to be theirs.

Questions will be asked and there will be a search to find out who left such a comprehensive database to be open and available to anyone on the internet. That being said, if you’re a registered voter in the United States, your data has already been exposed.