A misconfigured database that contained info for 593,328 Alaska voters was exposed online according to the Kromtech Security Center which discovered the records.
The records contained the contact and voting information of over 191 million voters, and 58 million unregistered, voting age consumers, compiled and provided by TargetSmart, a leading provider of political data and technology.
A misconfigured CouchDB instance led to the exposure, according to the security researchers. When the database was configured, administrators bypassed important security settings that were set to “public” instead of “private”, allowing anyone with an internet connection to gain access the repository.
“In this case CouchDB was misconfigured in a way when there is no password/login required to access the data (as well as some others non-SQL databases (e.g. MongoDB). In simple words – administrators often skip or disable security settings in order to ease access to the database internally or remotely,” said Bob Diachenko, chief security communications officer, Kromtech Security Center.
“By default, database is secured. Moreover, Couch also has web-interface which allows viewing and editing the information even in browser, without extra special software,” he added.
The security researchers report that a statement credited to TargetSmart claims the exposed data was not accessed by anyone other than the security researchers on their team, and the team that identified the exposure.