A well-known security researcher has discovered an unsecured database containing 191 million US voter registration records. The data includes names, addresses, dates of birth, phone numbers, party affiliations and even logs of whether or not voters had participated in primary or general elections.
The validity of the data has been confirmed by several publications including Forbes. Chris Vickery told the publication he has at his disposal 300GB of voter data which seems to date back to 2000.
Fortunately, sensitive data including social security numbers and financial details aren't included in the database.
The pressing question at this hour relates to pinning blame on the person(s) responsible for the database misconfiguration.
Vickery and DataBreaches.net both reached out to NationBuilder, a service that helps set up digital campaigns for various political parties. A representative for the company said the IP address associated with the database didn't belong to them. CSO reached out to Aristotle, Catalist, L2 Political, NGP VAN and Political Data, all of which denied ownership of the database.
As Forbes correctly points out, much of the information in the database is publicly available to campaigners although some services charge a lot of money for access. Scammers and marketing firms are likely to get the most use out of it, assuming of course that they can replicate Vickery's steps to hunt it down.
Thumbnail courtesy Thinkstock, lead image via John Moore, Getty Images