All Your Voter Data Are Belong To H4x0rz

Turns out that 2015 was an excellent year for some. Specifically, for people who want to compile dossiers on Americans. You may have heard about the data breach where the government lost the data on 3 million people who hold security clearances. I thought that was going to be the biggest breach of the year, until this:

191 million voters’ personal info exposed by misconfigured database

The database contains:

your first and last name, your home and mailing addresses, your date of birth, gender, and ethnicity, the date you registered to vote, your telephone number, your party affiliation, your e-mail address if you provided one when you registered, your state voter ID, whether you’re a permanent absentee voter, and whether or not you’re on the Do Not Call list.

The discussion boards claim that the data format suggests that the data came from a misconfigured Mongo instance. Who would have thought?

Despite all the noise that first-gen NoSQL companies selling broken software put out, we know how to build fast databases that can make strong guarantees. These guarantees go beyond just performance, consistency and fault-tolerance, to security. In particular, HyperDex uses the well-understood macaroons abstraction from Google to ensure that each and every individual item in a database can be associated with a security policy.
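To make the per-item policy idea concrete, here is an added sketch of the macaroon construction (chained HMACs with first-party caveats only). It is not HyperDex's API or the libmacaroons code; the record ids, the `field = value` caveat syntax and all function names are assumptions made for the illustration.

```python
import hashlib
import hmac
import os

# Constructed sample data: one secret root key per stored record (record ids are made up).
ROOT_KEYS = {"voter:0001": os.urandom(32), "voter:0002": os.urandom(32)}

def _mac(key: bytes, msg: str) -> bytes:
    return hmac.new(key, msg.encode(), hashlib.sha256).digest()

def mint(record_id: str) -> dict:
    """Server: issue a token whose signature is bound to one record."""
    return {"id": record_id, "caveats": [], "sig": _mac(ROOT_KEYS[record_id], record_id)}

def attenuate(token: dict, caveat: str) -> dict:
    """Holder: append a restriction; needs only the current signature, not the root key."""
    return {"id": token["id"], "caveats": token["caveats"] + [caveat],
            "sig": _mac(token["sig"], caveat)}

def verify(record_id: str, token: dict, request: dict) -> bool:
    """Server: recompute the HMAC chain for this record, then enforce every caveat."""
    if token["id"] != record_id:
        return False
    sig = _mac(ROOT_KEYS[record_id], record_id)
    for caveat in token["caveats"]:
        sig = _mac(sig, caveat)
    if not hmac.compare_digest(sig, token["sig"]):
        return False  # caveat removed or edited, or token minted for another record
    for caveat in token["caveats"]:
        field, sep, value = caveat.partition(" = ")
        if not sep or request.get(field) != value:
            return False  # unknown or unsatisfied caveat fails closed
    return True

def demo() -> dict:
    full = mint("voter:0001")
    read_only = attenuate(full, "op = read")
    stripped = dict(read_only, caveats=[])  # holder tries to drop the restriction
    return {
        "read allowed": verify("voter:0001", read_only, {"op": "read"}),
        "write denied": not verify("voter:0001", read_only, {"op": "write"}),
        "stripped caveat rejected": not verify("voter:0001", stripped, {"op": "write"}),
        "other record rejected": not verify("voter:0002", read_only, {"op": "read"}),
    }

if __name__ == "__main__":
    for check, ok in demo().items():
        print(f"{check}: {ok}")
```

Because each caveat is folded into the signature, a holder can narrow a token before handing it on but cannot widen it, and a token for one record says nothing about any other.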

Of course, no technology can protect one from gross incompetence, such as putting the entire database online without any protection.
