Unsecured, unclaimed database leaves 191 million US voter registration records open to all

Shawn Knight

TechSpot Staff
Staff member

A well-known security researcher has discovered an unsecured database containing 191 million US voter registration records. The data includes names, addresses, dates of birth, phone numbers, party affiliations and even logs of whether or not voters had participated in primary or general elections.

The validity of the data has been confirmed by several publications including Forbes. Chris Vickery told the publication he has at his disposal 300GB of voter data which seems to date back to 2000.

Fortunately, sensitive data including social security numbers and financial details aren't included in the database.

The pressing question at this hour relates to pinning blame on the person(s) responsible for the database misconfiguration.

Vickery and DataBreaches.net both reached out to NationBuilder, a service that helps set up digital campaigns for various political parties. A representative for the company said the IP address associated with the database didn't belong to them. CSO reached out to Aristotle, Catalist, L2 Political, NGP VAN and Political Data, all of which denied ownership of the database.

As Forbes correctly points out, much of the information in the database is publicly available to campaigners although some services charge a lot of money for access. Scammers and marketing firms are likely to get the most use out of it, assuming of course that they can replicate Vickery's steps to hunt it down.

Thumbnail courtesy Thinkstock, lead image via John Moore, Getty Images

Permalink to story.



TS Enthusiast
It's important for people to understand that this type of information has been stolen from all of us for years. with that in mind we need to address the question of

Secure Computing in a Compromised Environment

a general adoption of proper digital authentication procedures will be necessary . this will require training for our young people coming though school and assistance for folks who need help .

the methodology is already here:
1. use a secure O/S . a secure O/S is one which will not allow itself to be compromised by the activity of an application program . this concept was introduced with IBM/360 in 1964 and has been unfortunately ignored by some software developers

2. authenticate transactions. folks may want to use theri own PGP key -- or -- short of that -- a process for validating x.509 certificates will be needed .


Well we already know that Hillary likes to set up her own servers (which in her case was a crime that no one is paying attention to); so who knows who did this. Maybe it was done on purpose as to point a finger to her?

Bill Powell

TS Rookie
I can see one thing this kind of list would be really good for. If you wanted to send folks in to vote more than once, it would be really handy to know whose name you could present, whether or not they normally voted and, which party's ballot you would ask for. But then, there is no such thing as voter fraud we're told.