Compliance Management, Threat Management, Privacy

35 million voter records from 19 states found for sale on Dark Web

More than 35 million voter records have been found for sale in a Dark Web forum containing information on voters from 19 states with prices ranging from $150 to $12,500.

This information was tallied by Anomali Labs researchers working in conjunction with Intel 471 which reported the records contain voter data including full name, phone numbers, physical addresses, voting history, and other unspecified voting data. The researchers noted that 23 million of the records came from just three states, which they did not name, with the remaining 12 million divided up among the remaining 16 states.

“To our knowledge, this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data, including U.S. voters’ personally identifiable information and voting history,” Anomali and Intel 471 said.

If this data is combined with information derived from other breached databases there is a chance it could be used to disrupt the electoral process or pursue large-scale identity theft, the report stated.

The states are:

Georgia
Idaho
Iowa
Kansas
Kentucky
Louisiana
Minnesota
Mississippi
Montana

New Mexico
Oregon
South Carolina
South Dakota
Tennessee
Texas
Utah
West Virginia
Wisconsin
Wyoming

Perhaps due to the cost, several groups have set up crowdfunding sites promising those who donate will have access to all of that state’s data once the goal has been reached. As of today, only the Kansas records have been sold and one with for Oregon at about 20 percent complete, according to information seen on the Dark Web forum by the researchers. Another group offered to buy all of the records and make them generally available to the embers of a particular hacker’s forum.

The malicious actors selling these databases include with their base price weekly voter registration updates for the buyer that, they claim from contacts within the state governments. This indicated the threat actors either had persistent access to the database electronically or was obtaining the information from a human source.

The forum where the information is being sold.

“Threat actors frequently recruit and fool insiders into helping them to pull off data theft and abuse schemes. This research seems to indicate that insiders either knowingly or unwittingly helped the nefarious party to obtain voter information,” Dtex CEO Christy Wyatt told SC Media.

“Certain states require the seller to personally travel to locations in-state to receive the updated voter information. This suggests the information disclosure is not necessarily a technical compromise but rather a likely targeted campaign by a threat actor redistributing possibly legitimately obtained voter data for malicious purposes on a cybercrime forum,” the report stated.

The variable prices for each state, $150 to $12,500, could be related to the number of voter records per database listing or perhaps reflects the confidence the seller has that the data is accurate.

Some voting records are already of public record, the researchers noted, and can include full name, address, email and party affiliation, but for the most part those who can obtain these lists are limited to groups such as political campaigns, journalists, or academic researchers.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.