Skip to main content

Nearly 200 million voters were exposed through a server’s misconfigured database

personal voter information exposed upguard discovers smtp server
Image used with permission by copyright holder
The sensitive details of roughly 198 million American voters were recently exposed to the internet, including registration details, names, home addresses, phone numbers, and dates of birth. Measuring 1.1 terabytes in size, the unsecured, downloadable data resided on a publicly accessed cloud server managed by Republican data firm Deep Root Analytics (DRA). The data was compiled by DRA along with at least three other Republican contractors, including Data Trust, TargetPoint Consulting, and Causeway Solutions.

The treasure trove of information collected from American voters was discovered in early June by the Cyber Risk Team at cyber resilience company UpGuard. The server resided in Amazon’s Web Services S3 cloud network and hosted data accessible by typing “dra-dw” into the address bar to access the server’s subdomain. Short for Deep Root Analytics Data Warehouse, the “data warehouse” term is commonly used by businesses when storing loads of data for complex analytics purposes.

Along with the voter data, UpGuard’s team discovered directories with names matching “high-powered and influential” Republican political organizations. The firm also stumbled across 24 terabytes of data blocked from public access. Ultimately, Deep Root Analytics stored enough data on its publicly accessed server to generate around 10 billion pages of text, the firm said on Monday.

“Deep Root Analytics confirmed they owned and operated the dra-dw bucket, which was subsequently secured against public access the night of June 14, shortly after [Risk Analyst Chris] Vickery notified federal authorities,” UpGuard added.

So why was all of this sensitive data left unchecked and accessible? In a statement provided by DRA, a change was made in the settings for accessing the server sometime after June 1, exposing the sensitive information. Now, the company is accepting full responsibility, and  conducting a full investigation alongside cyber security firm Stroz Friedberg.

“The data that was accessed was, to the best of our knowledge, proprietary information as well as voter data that is publicly available and readily provided by state government offices,” the company stated. “Based on the information we have gathered thus far, we do not believe that our systems have been hacked.”

The Republican National Committee (RNC) hired analytic firms to better understand voters and alter President Donald Trump’s political run to win the election. Deep Root Analytics created and maintained the nationwide database while Data Trust, TargetPoint Consulting, and Causeway Solutions collected and dumped data into the online repository. According to UpGuard, it was within the “data_trust” folder that Vickery discovered the stored voter information.

Inside this directory was a folder playing host to 256 GB of data from the 2008 presidential election, and another folder containing 233 GB of data from the 2012 election. Both folders contained 51 files — one for each state along with Washington D.C. — and each file contained 32-character alphanumeric numbers assigned to every voter within that state, aka RNC IDs.

Thus, by using one of the RNC IDs, the Republican Party could string data dumps together to pull out a large batch of data tied to a single voter. In addition to the information stated above, the GOP could also tell if the voter was on the federal “Do Not Call” list, gather all mailing addresses, see their self-reported racial demographic, longitude/latitude coordinates, and so on.

The RNC reportedly paid TargetPoint Consulting $4.2 million for “data services” between January 2015 and November 2016. During that time, Causeway received around $500,000 and Deep Root (under the Needle Drop name) received $983,000.

Vickery’s latest discovery follows a leak he found in April 2016 regarding 93.4 million Mexican citizens. Prior to that, he was hired by Mac anti-virus software firm MacKeeper after discovering that the company’s database was open to anyone online.

Kevin Parrish
Former Digital Trends Contributor
Kevin started taking PCs apart in the 90s when Quake was on the way and his PC lacked the required components. Since then…
Best Chromebook Cyber Monday deals on HP, Lenovo, and more
Digital Trends Best Cyber Monday Chromebook Deals

Cyber Monday deals are online, making this the perfect time to grab a new laptop, especially if you're thinking about getting a Chromebook. They're easy to set up, simple to use, and affordable, making the Chrome OS-powered devices perfect for students and casual users.

If you do want a more premium laptop, but with up to $1,000 off of a high-powered laptop, we highly recommend you check out these Best Buy Cyber Monday laptop deals, or Cyber Monday laptop deals and Cyber Monday MacBook deals, for PC and MacOS respectively.
Best HP Chromebook Cyber Monday Deals

Read more
Best Cyber Monday laptop deals: Dell, HP, Lenovo, and more
Digital Trends Best Black Friday Laptop Deals

Since Cyber Monday deals are going strong, it's the perfect time to buy new tech like laptops. We've seen some fantastic deals over the past week, and there are no signs that the bargains are slowing down. There are some amazing laptop deals right now from a wide variety of retailers, and we've collected our favorites below. You'll see the best of Amazon Cyber Monday laptop deals and Best Buy Cyber Monday laptop deals. We've pulled from a ton of different brands, all from the PC side, but if you want Cyber Monday MacBook deals, check out that list too.
Top 3 Cyber Monday laptop deals
HP 17-inch laptop -- $250, was $500

Currently heavily discounted as part of HP laptop Cyber Monday deals, the HP 17-inch laptop is ideal for anyone on a slim budget. It looks more expensive than it is thanks to having a 17-inch HD+ screen with 1600 x 900 and 250 nits of brightness. That extra room also means the keyboard is roomier with a numeric pad to the right of it that's ideal for entering a lot of data. The laptop has an AMD Athlon Gold 7220U processor along with 8GB of memory and 128GB of SSD storage. It also has a lift-hinge to ensure you can type at a more natural position.

Read more
Microsoft Surface Cyber Monday deals: Surface Pro, Surface Laptop
Best Black Friday Microsoft Surface Deals

There are massive discounts available on nearly every electronic device during Cyber Monday deals week, which includes savings through our roundup of Cyber Monday laptop deals. We're taking a closer look at the offers by highlighting Microsoft Surface products, which consistently challenge the line between being 2-in-1 laptops and tablets. We're going to separate Surface Pro deals and Surface Laptop deals, but either way, you need to complete your purchase immediately as stocks of Microsoft Surface Cyber Monday deals may already be running low.
Best Microsoft Surface Pro Cyber Monday deals

As far as Microsoft Surface Pro deals go, the vast majority of offerings will be on variations of the Microsoft Surface Pro 9, as the older models have gone out of stock in large numbers. Though we have found deals on these older models, it is true that our favorite deal is on a Surface Pro 9. Specifically, the version with 16GB of memory, 256GB of SSD storage, an Intel Core i5 processor, and the Surface Pro Keyboard. It's got quality specs and the savings are just perfect at $540 off, bringing the $1,540 laptop down to just $1,000. Check it out yourself by tapping the button below, and be sure to check out our Microsoft Surface Pro 9 review to get the full scoop on the laptop.

Read more