Monday's HOT MIC
It's a good thing this was discovered by a white hat hacker and not one of the bad guys:
In what is the largest known data exposure of its kind, UpGuard’s Cyber Risk Team can now confirm that a misconfigured database containing the sensitive personal details of over 198 million American voters was left exposed to the internet by a firm working on behalf of the Republican National Committee (RNC) in their efforts to elect Donald Trump. The data, which was stored in a publicly accessible cloud server owned by Republican data firm Deep Root Analytics, included 1.1 terabytes of entirely unsecured personal information compiled by DRA and at least two other Republican contractors, TargetPoint Consulting, Inc. and Data Trust. In total, the personal information of potentially near all of America’s 200 million registered voters was exposed, including names, dates of birth, home addresses, phone numbers, and voter registration details, as well as data described as “modeled” voter ethnicities and religions.
The data repository, an Amazon Web Services S3 bucket, lacked any protection against access. As such, anyone with an internet connection could have accessed the Republican data operation used to power Donald Trump’s presidential victory, simply by navigating to a six-character Amazon subdomain: “dra-dw”.
The breach was discovered by UpGuard Cyber Risk Analyst Chris Vickery, who reported it to federal authorities. The bucket was subsequently locked down and the data secured (we hope). You may recall that Vickery was the guy who discovered a DOD security breach earlier this month:
Leading U.S. government contractor Booz Allen Hamilton has been found to have left more than 60,000 sensitive files on a publicly accessible Amazon Web Services server, according to a leading cybersecurity researcher.
The files were discovered by Chris Vickery, an analyst at the cybersecurity firm UpGuard, who told CyberScoop it’s “highly likely” that malicious actors are downloading this publicly exposed data but said it remains unclear if anyone realized and acted on the gravity of the exposed data. A large part of Booz Allen Hamilton’s business is contracting with intelligence agencies.
Tyler O'Neil will have more on this story in the Election section this afternoon.