A database containing the data of more than half a million voters was exposed because of a misconfigured CouchDB instance

The records appeared to be part of the voter base, one of the market’s leading national voter files, which comprises the contact and voting information of over 191 million voters and 58 million unregistered, voting-age consumers, compiled and produced by TargetSmart, the leading provider of political data and technology.

Shortly after the news got the story, with the initial details of the breach and a few samples for verification, the database was secured. The statement that follows addresses who was behind the exposure and for how long the files of more than half a million US citizens were online.

STATEMENT BY TARGETSMART

We’ve read that Equals3, an AI software firm based in Minnesota, seems to have failed to secure any of their data and some data they permit from TargetSmart, and that a database of nearly 593,000 Alaska voters seems to have been accidentally exposed, but not obtained by anyone other than the security researchers on our team and the team that knew the exposure.  None of the exposed TargetSmart data added any personally-identifiable non-public financial data. And to be clear, TargetSmart’s database and operations are secure and have not been breached.  TargetSmart forces strict contractual duties on its clients regarding how TargetSmart data must be stored and secured and takes these responsibilities seriously.

Equals3 has verified that the file was never obtained by anyone other than the security researcher who took the exposure to our attention, and our team as they studied the exposure. Equals3 assures us that although the data was left open for a time, it has since been taken offline and secured.

We are grateful to the Kromtech security researchers for raising this issue with us.

How did the breach happen?

It appears that a misconfigured CouchDB instance is once again the culprit. When the database was configured, important security settings were bypassed and left set to “public” instead of “private”, enabling anyone with an internet connection to access the repository. Those who follow cybersecurity news may recall that in early 2017 an estimated 10% of CouchDB servers were victims of ransomware because of this very misconfiguration.
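The following is an added example, not code from this article or from any party named in it: a small audit of a CouchDB `local.ini` for the kind of open configuration described above. It assumes the article's “public” setting corresponds to CouchDB listening on all interfaces with no admin account and no required authentication; both sample configurations and the function name are constructed for illustration.

```python
import configparser

# Constructed sample configs for illustration (not taken from the incident).
EXPOSED_INI = """
[chttpd]
bind_address = 0.0.0.0
port = 5984

[admins]
; empty: no server admin defined
"""

HARDENED_INI = """
[chttpd]
bind_address = 127.0.0.1
port = 5984
require_valid_user = true

[admins]
admin = -pbkdf2-constructedhash,constructedsalt,10
"""


def audit_couchdb_ini(text):
    """Return a list of findings for a CouchDB local.ini passed as text."""
    cfg = configparser.ConfigParser(interpolation=None, strict=False)
    cfg.read_string(text)
    findings = []

    # With no [admins] entry, CouchDB 1.x/2.x treats every request as admin.
    if not cfg.has_section("admins") or not cfg.options("admins"):
        findings.append("no-admin-account")

    # require_valid_user lives in [chttpd] or, on older releases,
    # in [couch_httpd_auth]; unset means anonymous requests are accepted.
    required = any(
        cfg.get(sec, "require_valid_user", fallback="false").strip().lower() == "true"
        for sec in ("chttpd", "couch_httpd_auth")
    )
    if not required:
        findings.append("anonymous-requests-allowed")

    # CouchDB binds to 127.0.0.1 unless told otherwise.
    bind = cfg.get("chttpd", "bind_address",
                   fallback=cfg.get("httpd", "bind_address", fallback="127.0.0.1"))
    if bind.strip() in ("0.0.0.0", "::"):
        findings.append("listens-on-all-interfaces")

    return findings
```

An instance that returns all three findings is readable and writable by anyone who can reach its port; any one of them alone is still worth fixing before the server is put on a network.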
