This isn’t a good time to be accused of tampering with voters’ personal information, but that hasn’t stopped yet another “person who should know better” from leaving their Amazon S3 server exposed and unprotected. This time, the villain is one of those companies that dials your phone number against your will to speak to you with a recorded message.
Robocent, who sells voter demographic information to any interested parties for a mere three-cents per person, failed to adequately secure its Amazon web hosting server. The trove of hundreds of thousands of US voters’ records was left open to anyone who wanted to take a peek.
When contacted by one of the companies who discovered the compromised data, Robocent’s IT spokesman’s official response was far from reassuring. According to Bob Diachenko for Kromtech Alliance Corp, the spokesperson simply responded, “We’re a small shop (I’m the only developer) so keeping track of everything can be tough.”
According to Diachenko, the compromised data included names, addresses, “gender, phone numbers, age, and birth year, as well as a jurisdiction breakdown based on district or zip code and other demographics, like ethnicity, language spoken, and education.”
Unfortunately, Diachenko knows he is not the first person to discover these files while conducting a sweep of unsecured Amazon buckets. At least one other entity, GrayhatWarfare, discovered the records.
Truly alarming were the categorizations associated with the different voters. In a separate spreadsheet column, each entry contained information on how they were allegedly likely to vote, as in, were the die-hard voters for one party or likely to change their mind with for right candidate.
This is by far not the largest data breach involving voter records, but the fact that a) it’s still happening and b) unsecured Amazon S3 servers continue to be a problem for companies–despite all the previous examples of companies doing this–is perhaps more alarming than any breach of publicly available information.