Consulting Firm Leaked Data Of Democratic Party Fundraisers In Unsecured NAS Device

  • 100
  •  
  •  
  •  
  •  
  •  
  •  
    100
    Shares

As the US elections are nearing, reports about hacks and data breaches involving political parties seem to repeatedly surface online. Recently, a researcher has discovered an unsecured NAS device exposing a large chunk of sensitive data online. The device allegedly belonged to a consulting firm that handles the data of Democratic Party fundraisers.

Democratic Party Fundraisers Data Leaked Online

Researcher Bob Diachenko allegedly stumbled upon an unsecured instance of Buffalo TeraStation NAS device. While finding an unprotected Buffalo TeraStation NAS isn’t surprising, what caught his eye is the type of data the device leaked. Upon investigation he found the data belonged to a consulting firm managing Democratic Party Fundraisers.

According to his findings, the NAS device belonged to Rice Consulting who are based in Maryland. The data leaked here included sensitive information about the political fundraisers. These details include names, contacts numbers, email addresses, physical addresses, and companies of fundraisers, in addition to other stuff such as meeting notes, contracts, backups, and employee details, etc.

Moreover, the device also held other sensitive stuff that was exposed online. As listed by Diachenko,

“The most significant asset available for public were passwords to database resources, including access details to NGP (a privately owned voter database and web hosting service provider used by the American Democratic Party, Democratic campaigns, and other non-profit organizations authorized by the Democratic Party), MDVAN (Maryland Voter Activation Network), DLCC (Democratic Legislative Campaign Committee) and email accounts (incl DNC, Democratic National Committee email accounts).”

What’s more ironic is that all this data was simply stored unencrypted in the device, in plain text Excel files!

Researcher Noticed Weird Response Of Rice Consulting

Diachenko stated that he discovered the unsecured NAS device leaking the data on October 17, 2018. After discovering the data, the researcher reached out to the said firm to inform them of the vulnerability. He did not receive any response from the firm officials to his calls and emails.

However, contacting anybody at the consulting firm seemed impossible. Nonetheless, after a day, he received a mere “thank you note” from the consulting firm when he noticed that they disabled the public access to the data.

Although the firm fixed the matter, the strange response to this matter by the officials is noteworthy. Commenting about this reaction, he said,

“I agree that with so many unreliable emails floating around, sometimes it is difficult to discern what is legitimate and what is not. But it is not so hard to at least listen to a messenger.”

Take your time to comment on this article.

The following two tabs change content below.
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]
Avatar

Abeerah Hashim

Abeerah has been a passionate blogger for several years with a particular interest towards science and technology. She is crazy to know everything about the latest tech developments. Knowing and writing about cybersecurity, hacking, and spying has always enchanted her. When she is not writing, what else can be a better pastime than web surfing and staying updated about the tech world! Reach out to me at: [email protected]

Do NOT follow this link or you will be banned from the site!