Registered U.S. voters dating back more than a decade have been exposed in what’s believed to be the largest leak of voter information in history.
A data analytics contractor hired by the Republican National Committee (RNC) left databases containing information about 198 million potential voters open to the public for download without a password, according to a ZDNet report.
The leak helps prove that any political party is susceptible to cybersecurity vulnerabilities, despite the GOP’s insistence that it ran a more secure 2016 presidential campaign than the rival Democratic National Committee (DNC).
Gross negligence by the Democratic National Committee allowed hacking to take place.The Republican National Committee had strong defense!
— Donald J. Trump (@realDonaldTrump) January 7, 2017
The exposed databases belonged to the contractor Deep Root Analytics and contained about 25 terabytes on an Amazon S3 storage server that could be viewed without requiring a user to be logged in. In theory, this means that anyone knowing where to look could have viewed, downloaded, and have potentially used the information for malicious purposes.
The RNC worked closely with Deep Root Analytics during the 2016 election and paid the company $983,000 between January 2015 and November 2016, according to an AdAge report.
The RNC contractor’s remarkably bad security was first discovered by researcher Chris Vickery of the security firm UpGuard. The security firm responsibly disclosed the vulnerability to the RNC, and the server was secured last week prior to making the news public today.
This vast exposure of voter information highlights the growing risk of data-driven campaigning used by both the DNC and RNC. The data in this case contained models about voters positions on different issues, including how likely it is that they voted for Obama in 2012 and whether they were likely to agree with Trump’s “America First” foreign policy talking point.
The leak has essentially exposed more than half of the U.S. population, trouncing the second-largest leak of voter information, the 2016 exposure of 93.4 million Mexican voters.
Perhaps the worst part about all of this is there’s very little voters can do to ensure their information is stored privately and securely. Mashable has reached out to the RNC and Deep Root Analytics for comment, and will update when we hear back.
Update June 19, 2017 (11:56 p.m. ET): Deep Root Analytics sent Mashable the following statement:
“Deep Root Analytics has become aware that a number of files within our online storage system were accessed without our knowledge…We are conducting an internal review and have retained cyber security firm Stroz Friedberg to conduct a thorough investigation. Through this process, which is currently underway, we have learned that access was gained through a recent change in asset access settings since June 1, 2017. We accept full responsibility, will continue with our investigation, and based on the information we have gathered thus far, we do not believe that our systems have been hacked. To date, the only entity that we are aware of that had access to the data was Chris Vickery.”