Data of nearly two million U.S. voters leaks

Cornelia Mascio
Agosto 18, 2017

A PROBLEM WITH VOTING MACHINES AND CLOUD SERVICES services has led to the personal information of 1.8 million Chicago citizens being exposed online. The company, Election Systems & Software (ES&S), posted about the leak on its website.

Security researchers from UpGuard spotted the issue with voting machine supplier Election Systems & Software (ES&S) when it found backup files of voter info on an Amazon web server. Authorities alerted ES&S to the leak on August 12, and the data was secured.

The exposed cache was discovered by UpGuard researcher Jon Hendren and was configured for public access, potentially allowing anyone accessing the S3 bucket's web address to view and download its contents. A spokesperson for ES&S said in a statement the firm has no indication that the information had been previously accessed by people other than the researchers who discovered it.

ES&S was notified this week by the FBI and began its own "full investigation" with UpGuard's assistance, "to perform thorough forensic analyses of the AWS server, the company said in a statement, noting that the investigation was ongoing". He handed it off to analyst Chris Vickery who downloaded the information to examine the content. Vickery shared his findings with local and IL state authorities Saturday morning.

Voter records were not altered, and no vote tabulations or election results were affected, Allen said. "We were most concerned that it was out there at all", he said.

The firm is also now reviewing all procedures and protocols, including those of its vendors, to make sure that its systems and data are secured and prevent any similar incidents in the future. This means someone at ES&S misconfigured a security setting and exposed the data online. He also said the leaked files contained some voting system administration credentials.

As reported by Gizmodo in June, UpGuard previously discovered a massive, unsecured database online leaking the personal information of almost 200 million USA registered voters. "We have been in steady contact with ES&S to order and review the steps that must be taken, including the investigation of ES&S' AWS server. We are taking steps to make certain this can never happen again".

Altre relazioniGrafFiotech

Discuti questo articolo

Segui i nostri GIORNALE