Gosh, we could have avoided all the angst about the Clinton/Sanders voter database breach if only we'd known about this major database, accessible to all:
An independent computer security researcher uncovered a database of information on 191 million voters that is exposed on the open Internet due to an incorrectly configured database, he said on Monday.
The database includes names, addresses, birth dates, party affiliations, phone numbers and emails of voters in all 50 U.S. states and Washington, researcher Chris Vickery said in a phone interview.
Vickery, a tech support specialist from Austin, Texas, said he found the information while looking for information exposed on the Web in a bid to raise awareness of data leaks.
Vickery said he could not tell whether others had accessed the voter database, which took about a day to download.
While voter data is typically considered public information, it would be time-consuming and expensive to gather a database of all American voters. A trove of all U.S. voter data could be valuable to criminals looking for lists of large numbers of targets for a variety of fraud schemes.
"The alarming part is that the information is so concentrated," Vickery said.
Evidently the data looks a lot like Nation Builder's data. Nation Builder will sell voter databases to anyone with the cash.*
“What Vickery has discovered is worse” than the recent breach of Hillary Clinton’s voter data by a member of Bernie Sanders’s campaign, Ragan writes, “because the data he discovered isn't a client score — it's a complete voter record for 191 million registered voters.”
“The problem is, no one seems to care that this database is out there and no one wants to claim ownership,” he says.
...
Both Ragan and DataBreaches.net believe the dataset originated with the third-party vendor Nation Builder but that the poor configuration that resulted in its exposure was done by a customer that purchased the information.
“Nation Builder is under no obligation to identify customers, and once the data has been obtained, they cannot control what happens to it,” Ragan writes.
Nation Builder denied ownership of the IP address.
Allow me to put my tinfoil hat on for a moment. We all know how campaigns circumvent SuperPAC coordination rules by putting B-Roll video out on YouTube quietly so it can be used for ads paid for by the so-called non-coordinating, non-political organizations.
How better to help out various campaigns than to put voter registration information out on the Internet as a massive database with no discernable owner and let campaigns target who they may?
Those lists cost a fortune to buy. I've looked at enough campaign finance reports to see who ponies up cash for various voter lists, and they're NationBuilder's bread and butter. For them to shrug and say, "Well, we don't have any responsibility for what happens to that data" is pretty damn irresponsible.
The worst part of this? It undermines people's faith in the confidentiality of their voter registrations and personal information. It makes it harder to register voters and to contact them during election season.
I hope they figure out who owns this data and pull it down right away. And then prosecute whoever did it.
*NationBuilder denies that the database itself came from them, though they do agree that some of the data likely did.
