If you’re registered to vote, you may be one of the more than 191 million U.S. citizens whose personal information was exposed through a misconfigured database that’s just been discovered.
Names, dates of birth, home addresses, and phone numbers were all easily accessible when researcher Chris Vickery stumbled onto the extensive mine of voter information. This discovery led to a collaborative investigation between Vickery and the folks at databreaches.net, which has so far failed to uncover the culprit of the mass exposure.
So far, Vickery and his contacts have been able to draw few conclusions, other than that the information likely started at NationBuilder. Tags and information construction have elements unique to their databases, but that doesn’t mean the leak originated there. The most likely culprit is someone who purchsed access to the information from them.
When attempts to contact the service failed, Vickery’s allies at databreaches.net reached out to the FBI and other concerned authorities. By the time someone from NationBuilder responded, it was with a simple assurance that the IP address on which the data was found was not owned by them or anyone they were hosting. NationBuilder isn’t obligated to share information about past clients — or even to alert them to the problem — so the response was expectedly tight lipped.
There’s currently no way of knowing how long the information has been available, nor who exposed it in the first place. Possibilities range from hackers to simple lack of security awareness, and the potential sources are legion. We’ll keep an eye on the story and update as details become available.
Follow Nate Church @Get2Church on Twitter for the latest news in gaming and technology, and snarky opinions on both.