An open AWS S3 bucket at a political autodial company exposed nearly 2,600 files relating to a number of political campaigns in the U.S. and was indexed by GrayhatWarfare, a database of 48,623 open S3 buckets.
Virginia Beach, Va.-based Robocent cloud storage “was available for anybody on the internet searching for a ‘voters' keyword, long before I have spotted it,” Kromtech Security researcher Bob Diachenko, wrote in a blog post. The “repository contained both audio files, with pre-recorded political messages for robocalls dials (*.mp3, *.wav), and voter data (*.csv, *.xls files),” which included names, phone numbers, addresses, political affiliation, birth years, gender, jurisdiction and demographics based on ethnicity, education and language.
Diachenko said much of the data was aggregated from outside data companies like NationalBuilder.
As the midterm elections approach, the security of voter and election data has sparked concern.
Inadequate cybersecurity hygiene “has permeated through virtually all job roles within the election ecosystem - private and public,” said Ben Johnson, CTO and co-founder of Obsidian Security. “And given this abysmal state of election security, one has to assume that any voter data that hasn't already leaked soon will.”
The picture is likely to “get worse before it gets better,” he said, as companies, campaigns, and individuals race “to collect and utilize data without doing nearly enough to properly safeguard it” and motivated, sophisticated attackers gear up to pilfer it.
“Voter data is extremely sensitive and leaks like this highlight the need for organizations to maintain visibility into where their data is located within their cloud infrastructure and whether the storage system is risk appropriate given the sensitivity of the information,” said Sam Bisbee, CSO at Threat Stack. “It's easy for a fast-growing or seasonal organization like this one to lose track of that risk over time.”