Security researchers from Anomali and Intel 471 made a troublesome discovery regarding personally identifiable information belonging to US residents. The researchers came across Dark Web communications that offered “a large quantity of voter databases for sale”.
Personally identifiable information and voting history is included in the databases. Pelo visto, finalmente 19 states appear to be affected, e 23 milhão de registros para três dos 19 estados.
Millions of Names, Phone Numbers and Voting Histories Sold
The data that is being offered for sale comes from updated statewide voter lists, and includes millions of full addresses, números de telefone, e nomes. It also appears that the seller receives weekly updates of voter registration data across the United States, and that the data is received via contacts within the state government. Os pesquisadores também Nota este:
Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the information disclosure is not necessarily a technical compromise but rather a likely targeted campaign by a threat actor redistributing possibly legitimately obtained voter data for malicious purposes on a cybercrime forum.
This dataset may represent “the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data” that includes the personal and voting information of US citizens.
With the upcoming November 2018 midterm elections in the US, the addition of these voter records to other breached data, could result in malicious actors disrupting the electoral process or seeking large-scale identity theft, os pesquisadores alertaram.
No 2015, security experts identified a misconfigured database, consisting of personal details of exactly 191,337,174 eleitores norte-americanos, or over 300 GB worth of data.
De fato, sustaining voter databases is a typical practice in the United States. Most states have different sets on how to operate with such databases, and what type of information should be public or private.
Contudo, when the time comes, such databases are aggregated and possibly sold to authorized parties, which may be political parties, not-for-profit organizations, scholars, jornalistas, or legal representatives.