In June 2017, a spreadsheet containing personal information for more than 198 million USA voters was publicly accessible online for a 12-day period, effectively leaking private information to anyone who looked. An extensive Republican database of information about 198 million Americans was obtained by a security researcher, who found it on an Amazon server, with not even a single password protecting it.
UpGuard Cyber Risk Analyst Chris Vickery discovered the leaked data last week while searching for misconfigured data sources. The amount of information exposed by the incident is tremendous and it gives a fascinating insight into the targeting of voters in the run-up to the election. In December 2015, Chris Vickery, the same UpGuard researcher who discovered this leak, also found an unprotected MongoDB database exposing the details of 191,337,174 United States voters.
The database included a wealth of information attached to 61 percent of the US population including their names, dates of birth, home addresses, phone numbers and voter registration details such as the political party they are registered with.
In March the Information Commissioner's Office (ICO) said it would investigate the use of analytics and personal data to sway voters ahead of last year's European Union referendum. Vickery discovered and reported the server but it's unclear if he was the first to get to the data or if someone else may have had access first.
Although Deep Root Analytics did not gather the data, the company confirmed their ownership of it in a statement to Gizmodo on Friday. The firm said it "builds voter models to help enhance advertiser understanding of TV viewership".
"This was one of the most data rich datasets I've ever found", Vickery told Threatpost.
Some data included which voters are suspicious of Wall Street, or who reluctantly voted for Hillary Clinton or supports Obamacare, he said. Two more columns of data include voters' "modeled ethnicity" and "modeled religion". While accessing the information would have required a specific web address, some security firms have said that hackers from other countries could have found the data easily, if, they had known of its existence. The Republican National Committee hired these firms as President Donald Trump's data team during the 2016 general election.
Facebook and Google aren't the only companies hoovering up every kilobyte of our digital lives-our late-night shopping habits, social-media posts, travel plans, and celebrity obsessions-and turning that personal data into dollar signs. UpGuard listed potential "misuses" of the information, including "the nearly limitless criminal applications of the exposed data for purposes of identity theft, fraud, and resale on the black market".