Another US Voters Data Leak Via Tea Party PAC Misconfigured S3 Bucket

We already know of several instances where Amazon S3 buckets have leaked data. However, this time, the news comes as another blow to US voters. As discovered, the Tea Party PAC (or the Tea Party Patriots Citizen Fund (TPPCF)) publicly exposed around half a million US voters data through its Amazon S3 bucket. Thankfully, TPPCF has now closed the leaky server.

Massive US Voters Data Leak Through An Unprotected Tea Party PAC Server

Around two months ago, the Cyber Risk team at UpGuard found a publicly accessible Amazon S3 bucket that exposed a large database. Upon scratching the surface, they discovered that the data supposedly belonged to the Republican Tea Party PAC. Reportedly, the leaky server contained the data of around half a million American voters.

UpGuard revealed their findings in a breach report published on their site. According to their report, they discovered around 2GBs of data on a misconfigured Amazon S3 bucket. The researchers then downloaded the data and analyzed it to trace out the source. Consequently, they could establish that the data belonged to the Tea Party Patriots Citizens Fund (TPPCF).

Regarding the data exposed from the server, UpGuard reported that it primarily consisted of images and PDF files. Of these, the majority of these files dated around the US Elections 2016. Whereas, the remaining data dealt with other election campaigns. As stated in their report,

“The 2GB of exposed data can be broken down roughly into three categories: Call Data – PDF files containing the names and numbers of nearly 527,000 individuals. Strategy Documents – PDF files containing instructions, scripts, guidelines and other administrative details on messaging, focus, and direction. Marketing Assets – Images and PDF documents intended for end-user distribution with messaging, campaign strategies, TPPCF activity and efforts, and other assets intended to influence potential voters.”

Server Closed Down After Report

UpGuard reportedly discovered the exposed database on August 28, 2018. After analyzing the data for the source, they informed TPPCF of the vulnerability on October 1, 2018. Within a few hours, TPPCF changed the server configurations allowing access to Amazon accounts only. However, the data still remained vulnerable to unauthorized access. They eventually halted all access to the server by October 5, 2018.

While emphasizing on the significance of this incident, UpGuard stated,

“As valuable as this data might be to political parties and the companies who profit from its sale, like any modern dataset, it is also subject to the inherent risks of the infrastructure on which it lives… The presence of the names and phone numbers of nearly 527,000 Americans makes this more than an exposure of organizational data, but a breach of privacy for people singled out by political analysis systems as high value targets for TPPCF’s efforts… As political data becomes ever more integral to the political process, the integrity of that data must be protected with the same urgency with which it is acquired and used.”

What makes this incident is more important is its report alongside the breach of 35 million records of US voters data, and its subsequent sale on the dark web.

Related posts

Water Facilities Must Secure Exposed HMIs – Warns CISA

Microsoft December Patch Tuesday Arrived With 70+ Bug Fixes

NachoVPN Attack Risks Corporate VPN Clients