The personal data of 191 million voters has been publicly exposed on the Internet in a database breach, security bloggers and researchers have claimed.
The information includes the names, home addresses, voter identifications, phone numbers, date of birth and party affiliation of voters, along with a detailed history of voting since 2000, said
The Hill.
While voter registration lists are public records in many states, there are guidelines restricting access and use.
"In California, information on voter registration cards is considered confidential, and subject to many restrictions to access and use," said the website
Databreaches.net. "One of the restrictions is that the information may not be made available to persons outside the U.S."
"And in Hawaii, voter registration information may only be used for elections and by the government. But for the most part, not only can political organizations acquire information about you, they may be able to post it publicly, or even create an app with the information."
Databreaches.net said researcher Chris Vickery brought the breach to its attention, pointing to a "misconfigured database" that had information on more than 191 voters. The site said Steve Ragan of Salted Hash also investigated the leak.
"My immediate reaction was disbelief," said Vickery, according to
CSO. "I needed to know if this was real, so I quickly located the Texas records and ran a search for my own name. I was outraged at the result."
"Sitting right in front of my eyes, in a strange, random database I had found on the Internet, were details that could lead anyone straight to me. How could someone with 191 million such records be so careless?"
Databreaches.net said it believes the database belongs to the software company Nation Builder or one of its clients, but the company has denied it. The website said it turned over its information to the FBI in New York and the California attorney general's office.
"Although we were – and remain – pretty certain that the database involves Nation Builder's data because of unique data field labels and because the numbers match their database as it was in March, 2014, we had hit a dead end there," said Databreaches.net.
Related Stories: