Voter data exposed by cloud configuration error
- By Sara Friedman
A misconfigured Amazon S3 bucket used by RoboCent, a Virginia-based campaign and robocalling company, left hundreds of thousands of voter records exposed on a public cloud.
RoboCent’s Amazon S3 bucket contained 2,594 listed files containing pre-recorded messages for robocalls and voter data for several campaigns that included names, phone numbers, addresses, political affiliation, age and demographics, according to Bob Diachenko, a security researcher at cybersecurity firm Kromtech. Diachenko wrote about finding RoboCent’s open Amazon S3 bucket in a LinkedIn blog post on July 18.
RoboCent co-founder Travis Trawick told ZDNet that the data was from an old bucket used from 2013 to 2016. It was indexed on GreyhatWarfare, a searchable database of open S3 buckets.
This is not the first instance of voter data being stored in the cloud unprotected. In June 2017 a security researcher found that an improperly configured Amazon S3 security setting exposed a database compiled by Deep Root Analytics containing the birth dates, addresses, voter registration details and social media posts of 198 million voters. In August of that same year, Election Systems & Software, a voting software and election management company, exposed records of 1.8 million Chicago voters because of a misconfiguration of a security setting on yet another Amazon S3 storage bucket.
This exposure of voter data also comes on the heels of other election security vulnerability disclosures. Earlier this week, ES&S admitted that it had installed remote-access software on a “small number” of election management systems sold from 2000 to 2006.
Sara Friedman is a reporter/producer for GCN, covering cloud, cybersecurity and a wide range of other public-sector IT topics.
Before joining GCN, Friedman was a reporter for Gambling Compliance, where she covered state issues related to casinos, lotteries and fantasy sports. She has also written for Communications Daily and Washington Internet Daily on state telecom and cloud computing. Friedman is a graduate of Ithaca College, where she studied journalism, politics and international communications.
Friedman can be contacted at firstname.lastname@example.org or follow her on Twitter @SaraEFriedman.
Click here for previous articles by Friedman.