Breach, Data Security

Millions of California voter records exposed in unprotected MongoDB

UPDATED! California officials are investigating a report that an unprotected MongoDB database has been discovered possibly containing the names of every California voter.

Kromtech Security's Bob Diachenko that earlier this month Kromtech came across an database named cool_db containing 19.2 million voter records gathered in two collections that was fully unprotected and thus open for anyone to view. One batch contained voter registration data for a local district and the other the millions of records.

“Kromtech researchers were unable to identify the owner of the database or conduct a detailed analysis due to the fact that the database has been deleted by cyber criminals and there is a ransom note demanding 0.2 bitcoin ($2,325.01 at the time of discovery),” he said.

Just about every piece of PII on the voter was included in the database. This included name, address, phone number, email, place of birth, voting precinct and gender.

MongoDB databases have had a tough year having been in the news for a variety of issues including being hit with ransowmare to being found left unprotected.

Sam Mahood, press secretary for California Secretary of State Alex Padilla, told SC Media that it is investigating the issue and has called in help from law enforcement agencies.

We are looking into unconfirmed reports that a third party may have uploaded some California voter information in an unsecure location online. There is no evidence that any of the Secretary of State's systems have been hacked or breached or that any confidential information such as social security numbers, driver's license numbers, state ID numbers, or voter signatures were disclosed," Mahood said.

He added, that under California state law, limited voter data is made available for restricted use by campaigns, journalists, and academic researchers. It is illegal under state law to share or obtain this data without authorization.

Carl Wright, chief revenue officer, AttackIQ, said that to help ensure security organizations need to spend at least 10 percent of their cybersecurity budget on testing and validating the systems they have in place instead of waiting for something to happen and then attempt to mitigate the problem.

"We continue to see sensitive information being exfiltrated or held for ransom by cyber adversaries and we expect to see this trend continue throughout 2018.  Attackers do not jump from the internet directly into these rich data repositories.  One or more – avoidable -- protection failures must have occurred in order to grant them this unfettered access to sensitive data," he said.

Update includes commentary from Mahood and Wright.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms and Conditions and Privacy Policy.