Republican National Committee database was left exposed online
A Republican National Committee database of nearly every registered American voter was left vulnerable to theft on a public server for 12 days this month, according to a cybersecurity researcher who found and downloaded the trove of data.
The lapse in security was striking for putting at risk the identities, voting histories and views of voters across the political spectrum, with data drawn from a wide range of sources including social media, public government records and proprietary polling by politi- cal groups.
Chris Vickery, a risk analyst at cybersecurity firm UpGuard, said he found a spreadsheet of nearly 200 million Americans on a server run by Amazon’s cloud hosting business that was left without a password or any other protection. Anyone with internet access could also have downloaded the entire file.
The server contained data from Deep Root Analytics, a contractor to the Republican National Committee, which used Amazon Web Services for server storage.
“With this data you can target neighborhoods, individuals, people of all sorts of persuasions,” Vickery said. “I could give you the home address of every person the RNC believes voted for Trump.”
It is not known whether the information has been accessed by any one but Vickery. But if it was, it would represent perhaps the largest political data mishap in American history.