US Voter Leak Hits Tea Party Organization

The personal details of over half a million American voters have been leaked after yet another cloud database misconfiguration, this time by a right-wing fundraising organization.

Researchers at UpGuard found a publicly readable Amazon S3 storage bucket at the end of August, belonging to the Tea Party Patriots Citizen Fund (TPPCF).

The TPPCF is what’s known as a “super PAC” — a political action committee which can raise unlimited funds but not “contribute to or coordinate directly with parties or candidates.” It has previously endorsed controversial candidates like Alabama’s Roy Moore.

The 2GB of exposed data included full names and phone numbers, states of residence and voter ID for over 527,000 individuals, many of whom lived in key states targeted by Republicans ahead of the 2016 election. Also leaked were strategy documents including phone scripts and templates and info on how to persuade voters to go with Trump.

“A help desk coordinator replied within hours and the bucket’s permissions were changed to only allow global authenticated users. This setting is still essentially public as anyone can have an Amazon account, and thereby authenticate as an Amazon user, for free. By Friday, October 5, all access to the bucket had been removed,” explained UpGuard.

“Misconfigured cloud storage like Amazon S3 is responsible for some of the largest data exposures in recent memory. These assets are private by default, meaning the permission set must be actively altered to allow public access. However, the fact that these assets can be misconfigured inevitably means that some of them will be misconfigured. Only controlled processes that account for the risk of exposure can prevent such misconfigurations from occurring.”
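The point UpGuard makes about "authenticated users" can be checked mechanically. The following is an added example, not code from UpGuard or from this article: it scans a bucket ACL in the JSON shape returned by `aws s3api get-bucket-acl` and flags grants to either of Amazon's global groups. The sample ACLs and the owner ID are constructed placeholders.

```python
# Added example: flag S3 ACL grants that expose a bucket beyond its owner.
# Input shape follows the JSON returned by `aws s3api get-bucket-acl`.

# Predefined Amazon S3 groups. AuthenticatedUsers means *any* AWS account,
# not just accounts belonging to the bucket owner's organization.
GROUP_EXPOSURE = {
    "http://acs.amazonaws.com/groups/global/AllUsers": "anyone on the internet",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers": "anyone with any AWS account",
}


def public_grants(acl):
    """Return (permission, audience) pairs for grants to the global groups."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group":
            continue  # CanonicalUser grants name one specific account
        audience = GROUP_EXPOSURE.get(grantee.get("URI", ""))
        if audience:
            findings.append((grant.get("Permission"), audience))
    return findings


def is_effectively_public(acl):
    """True if any grant reaches a global group, whatever the permission."""
    return bool(public_grants(acl))


# Constructed sample ACLs (the ID is a placeholder), mirroring three states:
# world-readable, "authenticated users" only, and owner-only.
OWNER = {"Grantee": {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"},
         "Permission": "FULL_CONTROL"}
ACL_WORLD_READABLE = {"Grants": [OWNER, {
    "Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"},
    "Permission": "READ"}]}
ACL_AUTHENTICATED = {"Grants": [OWNER, {
    "Grantee": {"Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"},
    "Permission": "READ"}]}
ACL_PRIVATE = {"Grants": [OWNER]}

if __name__ == "__main__":
    for name, acl in [("world-readable", ACL_WORLD_READABLE),
                      ("authenticated-users", ACL_AUTHENTICATED),
                      ("private", ACL_PRIVATE)]:
        print(name, public_grants(acl) or "no public grants")
```

ACLs are only one way access is granted; bucket policies need the same review.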

Earlier this week researchers revealed that an estimated 35 million voter records from 19 states are currently up for sale on a dark web forum.
