In a massive security blunder, a database storing detailed information on "every voter in the US state of Louisiana" was leaked online without password protection, according to cybersecurity experts with the MacKeeper Security Research Centre.
The exposed database, titled 'Lavoter' and hosted on Google cloud IP, contained 2,919,651 voter records in total with leaked data including names, addresses, gender, race, political party IDs, voter status, registration numbers, telephone numbers and voting histories.
It remains unclear who is responsible for leaking the database online – be it an individual political group or a government department with the state of Louisiana. Bob Diachenko, researcher at MacKeeper Security Research Centre, told IBTimes UK the database has since been secured.
The team found the database as part of a weekly "Internet of Things (IoT) scanning routine" on 16 September, Diachenko said, adding the trove of voter records were exposed for roughly a week. By 19 September, public access to the files had been rescinded. IBTimes UK was provided with a sample containing 1,000 records to verify the claims.
Alongside the leak, the team assigned to investigate and verify the breach said they were shocked to find out that the state of Louisiana appears to actually sell voter records to "basically anyone willing to pay for it" for roughly $0.01 per name.
News of the security snafu is the latest in a long line of election-based troubles in the US. It follows a major hack at the Democratic National Committee (DNC), which was suspected to be orchestrated by Russian intelligence. Additionally, over 20,000 emails from the US Democratic Party were recently leaked online by whistleblowing organisation WikiLeaks.
"The current US election has shown us more than any other just how much technology has become a part of the process," Diachenko wrote in a blog post. "The negative side of that is there is no common standard of security and data protection of election and voter data.
"Voter data and elections should be considered critical infrastructure and not sold off to the highest bidder. Citizens should, at a minimum, have the right to opt out of having their data sold if they live in a state that sells voter information.
"Why are Americans so worried about Russian hackers and protecting voter's personal data when some states will just sell it?"
Alongside the voter database, a second cache was uncovered on the same cloud IP. It was named 'Lapds, contained 6,978,508 records and is believed to be attributed to the Louisiana Department of Public Safety, the researcher said.
While not as much remains known about this database, it contained names, addresses, dates of birth, driving license numbers and other information relating to social security numbers (SSNs). The database also contained information relating to deceased voters, the researchers said.
This is not the first time that MacKeeper and its research team has uncovered massive troves of material online in an unencrypted format. One of the team's main experts, Chris Vickery, often uses the Shodan search engine to locate database errors.
In one major find, he uncovered a leaked voter database belonging to a Mexican political party that exposed 93.4 million records. Most recently, he revealed that a controversial database managed by Thomson Reuters – called World Check – that disclosed information on roughly 2.2m individuals with suspected criminal links.