DecryptedTech

Tuesday04 October 2022

191 Million US Voter Records out on the open web


Reading time is around minutes.

You have to love how easy it is to find information out in the wilds of the internet. In the last couple of weeks a number of cloud-databases have been found to be leaking data to the interment due to an almost total lack of security. The latest one seems to be a group of 191… Million voters in the US. Yup, if you have voted in any election since 2000 your personal information is out there on the open internet. The information that is out contains names, addresses, party affiliation and voter ID numbers… it is not as bad as it could be, but it is still bad.

Once again researcher Chris Vickery has found another data leak… Right now no one knows who owns, maintains or is responsible for the data, but it is continuing to leak information that could be used for a variety of unscrupulous purposes (not just bugging voters). We do know that most of this information is readily available to anyone that wants it. We have been able to get copies of voter information in DVD form just by asking. We did not even need to do much in the way of explaining why we wanted the data. With this type of access common in the US (a few states guard voter data better) it is not surprising that there is something leaking this information.

What makes this even sadder is that the push to cloud based solutions and cloud databases (including medical records) has been so hard. We have been told over and over that our data is safe out there. That somehow it can be better protected in digital form… Simply put, it cannot. The repeated (and massive) leaks, breaches, etc. should be pushing people away from the cloud in droves, but it is not. We are seeing less companies moving from on premises to the cloud and this is a good thing, but it is not enough.

To force cloud providers to improve security they have to feel it in their revenue stream. Even regulations will not push them to do this as they will weigh the financial risks of being fined Vs leaving things as it is. Only when they are not making any money because their clients have left will they put the money towards proper security and data controls. Of course… since this is a US government database there is almost no chance that it will ever be secure and doesn’t that just make you feel good? Think about that the next time they (the US government) say they know what is best when it comes to the Internet, or Security, or Privacy…

Leave a comment

Make sure you enter all the required information, indicated by an asterisk (*). HTML code is not allowed.