Voter records for 80% of Chile's population left exposed online

Chile's Electoral Service confirms the data's authenticity, but denies it owns the leaky server.

Santiago de Chile

Santiago de Chile skyline

Image: Pablo García Saldaña

The voter information of more than 14.3 million Chileans, which accounts to nearly 80% of the country's entire population, was left exposed and leaking on the internet inside an Elasticsearch database.

ZDNet learned of the leaky server from a member of the Wizcase research team, who passed the server's IP to this reporter last week, in order to identify the nature and source of the leak.

We found that the database contained names, home addresses, gender, age, and tax ID numbers (RUT, or Rol Único Tributario) for 14,308,151 individuals.

Chile voter records DB

Image: ZDNet

ZDNet has confirmed the validity and accuracy of this information with several of the individuals whose data was contained in the leaky database.

A spokesperson for Chile's Electoral Service -- Servicio Electoral de Chile (Servel) -- also confirmed the data's authenticity; however, they denied owning the leaky server.

Voter records are from 2017

Both our private sources and the Servel spokesperson indicated that the data stored on the Elasticsearch server, hosted on the network of a US hosting provider, is at least two years old.

"The mentioned information corresponds to the data of 2017," a Servel spokesperson told ZDNet.

Inquired if the agency had allowed third-parties access to its data to build election-related apps, Servel said that "access to critical service data is not given to external contractors."

The agency said it's tasked by Chile's laws to keep the data up to date and provide an interface through which voters can verify the validity or update their voter information. This can be done via mobile apps or Servel's official website.

Servel said it believes that there were people who scraped this information from its website and later assembled it in databases as the one ZDNet reported to the agency.

At the time of writing, the server is still online. The Wizcase team published their own report on the leaky server on their blog. WizCase researchers assessed that the server contained data "on nearly every Chilean adult," including high-profile politicians.

More data breach coverage: