Trump Site Alleging AZ Election Fraud Exposes Voter Data

Slapdash setup of Trump website collecting reports of Maricopa County in-person vote irregularities exposed 163,000 voter data records to fraud, via SQL injection. Continue reading Trump Site Alleging AZ Election Fraud Exposes Voter Data

No, Michigan voter data wasn’t hacked by the Russians

Michigan’s secretary of state on Tuesday refuted a news report asserting that the state’s voter registration database had been compromised in an example of how election officials are combatting misinformation weeks before the presidential election. The statement came in response to a report in Russian media outlet Kommersant claiming that recently purloined data on American voters was available on a hacking forum. It turns out that data was already publicly available, and it appears to have been repackaged by whoever was advertising it. “Our system has not been hacked,” Michigan Secretary of State Jocelyn Benson’s office said in a statement. “We encourage all Michigan voters to be wary of attempts to ‘hack’ their minds, however, by questioning the sources of information and advertisements they encounter and seeking out trusted sources, including their local election clerk and our office.” “Public voter information in Michigan and elsewhere is accessible to anyone through a […]

The post No, Michigan voter data wasn’t hacked by the Russians appeared first on CyberScoop.

Continue reading No, Michigan voter data wasn’t hacked by the Russians

Researcher finds trove of political fundraising, old voter data on open internet

A consulting firm that works with Democratic campaigns unknowingly left sensitive fundraiser information and credentials to old voter record databases open on the internet, according to a report published on Wednesday. Cybersecurity company Hacken says it discovered an unprotected Network Attached Storage (NAS) device managed by Rice Consulting, a Maryland firm that provides fundraising and mass communication to Democratic clients. Authentication was reportedly disabled on the NAS, and Hacken says that it was indexed by Shodan, an Internet-of-Things search engine. With its contents publicly accessible, the NAS revealed details about Rice Consulting’s clients as well as details about “thousands of fundraisers,” Hacken says. Those details include names, phone numbers, emails, addresses and companies. There were apparently also contracts, meeting notes, desktop backups and employee details. Rice Consulting did not respond to an email request for comment on the Hacken report. When CyberScoop called the firm, the person who answered said […]

The post Researcher finds trove of political fundraising, old voter data on open internet appeared first on Cyberscoop.

Continue reading Researcher finds trove of political fundraising, old voter data on open internet

Report: hackers are crowdfunding to buy voter data on the dark web

Voter records from 19 states are for sale on underground hacker forums, according to research from Anomali and Intel 471 published Monday. The discovery highlights hackers’ ongoing interest in exploiting voter data and certainly marks unauthorized use of the data, but likely can’t be called a breach, depending on how the data was obtained. While the records are being illicitly sold, they’re not necessarily illicitly obtained. In many states, basic voter information, like name, address and party affiliation are public records. However, there are varying restrictions around who is allowed to obtain them, sometimes being limited to journalists, researchers or political campaigns. The researchers estimate the vendors are offering more than 35 million records from the following states: Georgia, Idaho, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Mississippi, Montana, New Mexico, Oregon, South Carolina, South Dakota, Tennessee, Texas, Utah, West Virginia, Wisconsin and Wyoming. The report says the price for a state […]

The post Report: hackers are crowdfunding to buy voter data on the dark web appeared first on Cyberscoop.

Continue reading Report: hackers are crowdfunding to buy voter data on the dark web

Hundreds of thousands of voter records found exposed on misconfigured server: report

Yet another misconfigured Amazon S3 bucket has exposed the sensitive information of unsuspecting people. This time, hundreds of thousands of voters’ information was left open for the taking by a Virginia robocalling firm called Robocent, according to Bob Diachenko, a security researcher at cybersecurity firm Kromtech. Diachenko wrote in a LinkedIn blog post Wednesday that he discovered a trove of about 26,000 files, including audio files with pre-recorded political messages and spreadsheets containing voter information, in the leaky server. The voter data, according to Diachenko, includes names, phone numbers, addresses, political affiliations, birth dates, genders, jurisdictions and some demographic information. The Robocent files were accessible to anyone who did a specialized web search for “voters,” said Diachenko. By the time it was identified by Kromtech, the server had already been indexed by GrayhatWarfare, another website that scans the internet for open S3 buckets. Diachenko says he disclosed the finding to Robocent […]

The post Hundreds of thousands of voter records found exposed on misconfigured server: report appeared first on Cyberscoop.

Continue reading Hundreds of thousands of voter records found exposed on misconfigured server: report