191 million US voters' data exposed online in database mishap

Personal data and non-public information on almost 60 percent of US citizens was available online because of a misconfigured database.
Written by Zack Whittaker, Contributor
A political data manager is thought to be source of the leaked data. (Image via CBSNews.com)

More than 191 million US voters' records have been discovered online by security researchers and reporters.

The database reportedly contains voters' names and addresses, voter identification numbers, phone numbers, dates of birth, and political affiliations. Included in the data is a itemized voting history since 2000.

Social Security numbers and driving license data are not in the database. A configuration issue is being blamed for the leak.

Although in most states, access to voter registration data is available as a matter of public record, much of the data is highly restricted and can be used for limited purposes.

In one example, South Dakota requires those requesting voter data to confirm it will not be used or sold for commercial purposes, according to The Hill.

Security researcher Chris Vickery first alerted DataBreaches.net, and later reached out to CSO, which was one of the first to cover the story. California's attorney general was also informed, as was the FBI's New York field office.

It's believed that the data was initially bought by an third-party firm, which gives others' -- such as political campaigns -- access to large portions of voter data at a lower cost. Vickery said that the database originated from Nation Builder, a software company with backing from venture capitalist Ben Horowitz and Napster co-founder Sean Parker.

Nation Builder did not immediately return an email for comment at the time, but told The Hill that the company "cannot control what happens" to voter data once customers buy it.

The data is used by political campaigns to narrow down their messages with their target demographics.

CSO reporter Steve Ragan said that he doesn't blame the company for his leaked record.

"I blame the person(s) who developed the database and poorly configured its hosting," he said on his blog. "I'm just not sure who they are yet."

The data is still online as of Monday, said DataBreaches.net.

Editorial standards