Earlier this month, it was reported that hackers had infiltrated the Philippines’ Commission on Elections database and leaked the personal information of up to 55 million people. Now, Mexico has become the latest country to have its entire voter database posted online.
It was Chris Vickery, a security reseacher at MacKeeper, who discovered the collection of records on April 14. Vickery, who is known for uncovering breaches such as the Hello Kitty hack last year, was browsing using Shodan, a search engine for Internet-connected devices and servers, when he stumbled upon the 100GB+ database.
The data contained the information of every Mexican citizen registered to vote as of February 2015, including their names and addresses, occupations, dates of births, unique voting numbers, and the names of their parents.
After making the discovering, Vickery informed several authorities, including the US State Department, the Department of Homeland Security, the U.S. Computer Emergency Readiness Team, and The Mexican Embassy in Washington, but the information remained online.
While speaking about his research during a visit to Harvard, Vickery mentioned the leak. A student from Mexico was able to verify the accuracy of his father’s record, and a faculty member gave Vickery the names of people he should contact. Eventually, news of the leak reached the Mexican National Electoral Institute (INE), which confirmed the database’s authenticity and removed on April 22 from the Amazon Web Servers.
Vickery believes that the leaked information could have resulted in crimes much worse that identity theft.
“The existence of this database is, itself, a violation of federal Mexican law. The server is, at this very moment, allowing the public to copy 93.4 million voter registration records. Under Mexican law, these records are ‘strictly confidential,’” he wrote in a message to Amazon. “People’s lives are at stake here. Kidnapping is a considerable problem in Mexico. Right now one of your servers is handing out the home addresses of 93.4 million Mexicans. Is Amazon seriously not willing to do anything about this?”
In a recent update from databreaches.net, it appears that the INE has identified the source of the leaked information but isn’t announcing it yet. Copies of the information provided to Mexican political parties are electronically watermarked, which allowed the organization to trace the database back to the owner. A criminal probe has now been launched.