In terms of security, common users (like us) are all prone to vulnerabilities, more often than we expect. The more private information we share about ourselves, the more exposed to breaches we are. In this line of thinking, we shouldn’t be that surprised when we read news about private databases being exploited by malicious actors or simply leaked in the wild.
However, the revelation made by security researchers Chris Vickery, Steve Ragan, and DataBreaches.net made us shiver with anxiety. The security experts have just identified a misconfigured database, consisting of personal details of exactly 191,337,174 US voters, or over 300 GB worth of data. If we didn’t live in the age of privacy hoaxes, we would have been deeply shocked and worried.
When was the vulnerable database disclosed?
The researchers discovered the database just recently, on December 20, 2015. It contains lots of personal details such as:
- Full names;
- Voter IDs;
- Home addresses;
- Email addresses;
- Phone numbers;
- Party affiliations;
Luckily, social security numbers and driver’s license numbers were not included in the database, nor were banking details.
Unluckily, the database is still accessible online. The reason is that the investigation couldn’t confirm the owner. The researchers had suspicions pointing towards the Nation Builder platform, but because they couldn’t confirm those suspicions, the database remained available. The investigation itself took about a week to complete.
Because the researchers couldn’t identify the owner of the database on their own, they contacted the FBI, NY office, and California Attorney General’s Office. Their initial suspicions linking the database with Nation Builder appeared to be justified.
What is the Nation Builder platform?
Nation Builder is software that is used by both political campaigns and nonprofit organizations:
The #1 platform used by political campaigns worldwide, NationBuilder gets you up and running immediately with action websites, fundraising, email blasting, scannable walksheets, mobile canvassing applications, and free voter data.
The most advanced and affordable software to raise more money, engage supporters, and mobilize volunteers. NationBuilder provides interactive websites, a dynamic people database, communications and donations, all in one place, starting at $29/month. (from https://nationbuilder.com/)
Later on, the researchers made contact with Nation Builder. The corporation replied that the IP of the database didn’t belong to them or their clients.
Nonetheless, the research team wasn’t convinced and continued to believe that the database was either sold to Nation Builder or distributed by them. The reason for their conviction? They discovered data field labels within the database that were unique to Nation Builder’s structures. In addition, the total number of files corresponded to Nation Builder’s count from March 2014.
Interestingly enough, Nation Builder’s founder and CEO Jim Gilliam later admitted that parts of the data may originate from their database, as reported by SecurityWeek. The platform grants free access to the information to some political campaigns.
Did you know?
Maintaining voter databases is a typical practice in the United States, and likely in other countries around the world. Most states have different sets of rules on how to operate such databases and on what type of information should be public or private.
However, when the time comes, such databases are aggregated and possibly sold to authorized parties, which may be:
- Political parties;
- Not-for-profit organizations;
- Legal representatives.