The information was exposed on a public Amazon S3 bucket by a Virginia-based political campaign and robocalling company.
Researchers have discovered yet another misconfigured repository bucket – this time leaking the information of U.S. voters.
The information was exposed on a public Amazon S3 bucket by a Virginia-based political campaign and robocalling company called Robocent.
Kromtech Security researchers, who disclosed the bucket Wednesday, said the data was available for anybody on the internet searching for a “voters” keyword. Disturbingly, the Robocent data was found as a self-titled bucket indexed by GrayhatWarfare, a searchable database – where a current list of 48,623 open S3 buckets can be found, they said.
“I’m almost sure that the data was accessed, since it was practically available for search (I found it by entering search query ‘voters’ in [GrayhatWarfare]),” Bob Diachenko, head of communications at Kromtech Security, told Threatpost in an email. “There has been no indication on how long this was open. But I assume long enough – for tools like GrayHatWarfare to index and list it.”
For More Details :
https://threatpost.com/thousands-of-u-s-voter-personal-records-leaked-by-robocall-firm/134122/
