Nearly 200 million voters were exposed through a server’s misconfigured database

personal voter information exposed upguard discovers smtp server
The sensitive details of roughly 198 million American voters were recently exposed to the internet, including registration details, names, home addresses, phone numbers, and dates of birth. Measuring 1.1 terabytes in size, the unsecured, downloadable data resided on a publicly accessed cloud server managed by Republican data firm Deep Root Analytics (DRA). The data was compiled by DRA along with at least three other Republican contractors, including Data Trust, TargetPoint Consulting, and Causeway Solutions.

The treasure trove of information collected from American voters was discovered in early June by the Cyber Risk Team at cyber resilience company UpGuard. The server resided in Amazon’s Web Services S3 cloud network and hosted data accessible by typing “dra-dw” into the address bar to access the server’s subdomain. Short for Deep Root Analytics Data Warehouse, the “data warehouse” term is commonly used by businesses when storing loads of data for complex analytics purposes.

Along with the voter data, UpGuard’s team discovered directories with names matching “high-powered and influential” Republican political organizations. The firm also stumbled across 24 terabytes of data blocked from public access. Ultimately, Deep Root Analytics stored enough data on its publicly accessed server to generate around 10 billion pages of text, the firm said on Monday.

“Deep Root Analytics confirmed they owned and operated the dra-dw bucket, which was subsequently secured against public access the night of June 14, shortly after [Risk Analyst Chris] Vickery notified federal authorities,” UpGuard added.

So why was all of this sensitive data left unchecked and accessible? In a statement provided by DRA, a change was made in the settings for accessing the server sometime after June 1, exposing the sensitive information. Now, the company is accepting full responsibility, and  conducting a full investigation alongside cyber security firm Stroz Friedberg.

“The data that was accessed was, to the best of our knowledge, proprietary information as well as voter data that is publicly available and readily provided by state government offices,” the company stated. “Based on the information we have gathered thus far, we do not believe that our systems have been hacked.”

The Republican National Committee (RNC) hired analytic firms to better understand voters and alter President Donald Trump’s political run to win the election. Deep Root Analytics created and maintained the nationwide database while Data Trust, TargetPoint Consulting, and Causeway Solutions collected and dumped data into the online repository. According to UpGuard, it was within the “data_trust” folder that Vickery discovered the stored voter information.

Inside this directory was a folder playing host to 256 GB of data from the 2008 presidential election, and another folder containing 233 GB of data from the 2012 election. Both folders contained 51 files — one for each state along with Washington D.C. — and each file contained 32-character alphanumeric numbers assigned to every voter within that state, aka RNC IDs.

Thus, by using one of the RNC IDs, the Republican Party could string data dumps together to pull out a large batch of data tied to a single voter. In addition to the information stated above, the GOP could also tell if the voter was on the federal “Do Not Call” list, gather all mailing addresses, see their self-reported racial demographic, longitude/latitude coordinates, and so on.

The RNC reportedly paid TargetPoint Consulting $4.2 million for “data services” between January 2015 and November 2016. During that time, Causeway received around $500,000 and Deep Root (under the Needle Drop name) received $983,000.

Vickery’s latest discovery follows a leak he found in April 2016 regarding 93.4 million Mexican citizens. Prior to that, he was hired by Mac anti-virus software firm MacKeeper after discovering that the company’s database was open to anyone online.


Playing ‘Battlefield V’ on an $800 Nvidia card is stunning. And disappointing

‘Battlefield V’ is the first game to use Nvidia’s ray tracing support, now available with the RTX 2080 and 2080 Ti graphics cards. The feature can, in an ideal scenario, make the game look better, but the performance hit may not be…

‘Final Fantasy VII Remake’ director sets record straight on game’s progress

Final Fantasy VII Remake director Tetsuya Nomura clarified some information about the game's progress. There were earlier reports that the RPG was put on hold in favor of Kingdom Hearts III, but that is apparently not the case.

Secure your Excel documents with a password by following these quick steps

Excel documents are used by people and businesses all over the world. Given how often they contain sensitive information, it makes sense to keep them from the wrong eyes. Thankfully, it's easy to secure them with a password.

15 tips for keeping your vault-dwellers alive in ‘Fallout Shelter’

The wasteland can be an unfriendly place, if you don't know what you're doing. Here are 15 tips that will help your vault thrive in Fallout Shelter, including information on questing.
Smart Home

Wynd’s new air-purifying bundle lets smart home owners breathe easier

Wynd is already well known in the tech industry for its popular Kickstarter-backed air purifier and now the company is launching two new products designed to improve air quality to inform smart home owners.
Smart Home

All the best Amazon Black Friday deals for 2018

Amazon may be an online-only retailer, but that doesn’t mean its Black Friday sales are anything to sniff at. In fact, due to its online status, Amazon has huge flexibility with the range of products and deals it can offer. Here's our…

HP takes $100 off of leather-clad Spectre Folio 13 bundle for Black Friday

HP is offering a discount to Black Friday shoppers for a bundle that includes its leather-wrapped answer to Apple's MacBook Air. HP is offering a $100 discount on the Spectre Folio 13 when bundled with a mouse and leather sleeve.

Save a heap with these Black Friday 2018 graphics card deals

The Black Friday 2018 sales period is finally here and it's brought with it a tonne of great component deals. We've been scouring websites and catalogs for days to find you the best graphics cards deals for Black Friday 2018.

The best Target Black Friday deals for 2018

The mega-retailer opens its doors to the most competitive shoppers at 6 p.m. on Thursday, November 22, and signs indicate that the retailer means business this year. We've sifted through all of the deals, from consumer electronics to small…

Still miss Windows 7? Here's how to make Windows 10 look more like it

There's no simple way of switching on a Windows 7 mode in Windows 10. Instead, you can install third-party software, manually tweak settings, and edit the registry. We provide instructions for using these tweaks and tools.

Cyber Monday 2018: When it takes place and where to find the best deals

Cyber Monday is still a ways off, but it's never too early to start planning ahead. With so many different deals to choose from during one of the biggest shopping holidays of the year, going in with a little know-how makes all the…

Ditch the passwords and buy Xbox games with just your face

Passwords are the past. The latest version of Windows 10 allows you to sign in with your Microsoft account on the web through Microsoft Edge using Windows Hello or a FIDO 2 Yubikey. 

Canceling Amazon Prime is easy, and you might get a refund

Don't be intimidated. Learning how to cancel Amazon Prime is easier than you might think. You might even get a partial or full refund on the cost, depending on how much you've used it. Check out our quick-hit guide for doing so.

Editing a PDF is easy when you have the right tools in hand

Editing PDF files can be a real pain, but there are a few tricks to make the process a bit easier. This guide will give you three easy methods for how to edit a PDF, two of which work without needing Adobe Acrobat.