Risk & Repeat: RNC voter database left open to the public

Continuing a string of recent mishaps with exposed data in the cloud, a massive voter database compiled by the Republican National Committee was left open to the public, exposing information on nearly 200 million American voters.

According to a report from cybersecurity vendor UpGuard Inc., a data analytics firm working on behalf of the RNC for the 2016 U.S. presidential election accidentally exposed the voter database on Amazon's Simple Storage Service (S3). Chris Vickery, an analyst with the UpGuard cyber-risk team, discovered the open Amazon S3 bucket, which had no password protection or access control of any kind, and which contained a misconfigured database with the private information on 198 million registered voters. According to the UpGuard report, the information included dates of birth, home and mailing addresses, phone numbers, registered party, voter registration status and other data, as well as projections on voters' modeled ethnicity and modeled religion.

It's unclear if unauthorized parties accessed the RNC voter database during its undetermined time of exposure. The error jeopardizes a huge investment in data analytics made by the RNC to help the Republican Party secure the White House in 2016. The exposure of the Amazon S3 bucket also affects the privacy of the vast majority of American voters.

In this episode of the Risk & Repeat podcast, editors Rob Wright and Peter Loshin discuss the impact of the voter database exposure, why so many S3 buckets are left open and how voter data can be used for weaponized identity attacks.