Registered U.S. voters dating back more than a decade have been exposed in what’s believed to be the largest leak of voter information in history.
A data analytics contractor hired by the Republican National Committee (RNC) left databases containing information about 198 million potential voters open to the public for download without a password, according to a ZDNet report.
The leak helps prove that any political party is susceptible to cybersecurity vulnerabilities, despite the GOP’s insistence that it ran a more secure 2016 presidential campaign than the rival Democratic National Committee (DNC).
Gross negligence by the Democratic National Committee allowed hacking to take place.The Republican National Committee had strong defense!
— Donald J. Trump (@realDonaldTrump) January 7, 2017
The exposed databases belonged to the contractor Deep Root Analytics and contained about 25 terabytes on an Amazon S3 storage server that could be viewed without requiring a user to be logged in. In theory, this means that anyone knowing where to look could have viewed, downloaded, and have potentially used the information for malicious purposes.
The RNC worked closely with Deep Root Analytics during the 2016 election and paid the company $983,000 between January 2015 and November 2016, according to an AdAge report.
The RNC’s remarkably bad security was first discovered by researcher Chris Vickery of the security firm UpGuard. The security firm responsibly disclosed the vulnerability to the RNC, and the server was secured last week prior to making the news public today.
This vast exposure of voter information highlights the growing risk of data-driven campaigning used by both the DNC and RNC. The data in this case contained models about voters positions on different issues, including how likely it is that they voted for Obama in 2012 and whether they were likely to agree with Trump’s “America First” foreign policy talking point.
The leak has essentially exposed more than half of the U.S. population, trouncing the second-largest leak of voter information, the 2016 exposure of 93.4 million Mexican voters.
Perhaps the worst part about all of this is there’s very little voters can do to ensure their information is stored privately and securely. Mashable has reached out to the RNC and Deep Root Analytics for comment, and will update when we hear back.