A security researcher working with MacKeeper exposed a database containing 154 million voter profiles for US citizens. The database was available online without username or password protection, it has been revealed.
The information, compiled by a US-based data brokerage firm called L2 that builds and sells profiles on US citizens, was left exposed online by a client and was reportedly being hosted on a Google cloud account without authentication.
In last year December, Security Researcher had reported data breach for 191 Million US Voters Personal Info Exposed By Misconfigured Database.
Exposed database contains sensitive records which includes
- Political preferences
- Home addresses
- Estimated incomes and positions on marriage equality
- Abortion law.
According to security researchers from MacKeeper
The database, a CouchDB instance, was located at IP address 18.104.22.168 on port 5984. It was configured for public access with no username, password, or other authentication required. That address resolves to 22.214.171.124.bc.googleusercontent.com (which is the IP address in reverse followed by a google domain name). This indicates that the person or organization responsible for the leaky database was renting server space from Google’s Cloud services.
When security researcher contacted to L2 team via email. They also attached a screenshot of the database as a proof.
Shortly after my email went out researcher received a response from L2’s CEO, Bruce Willsie, asking them to give him a call and providing his cell phone number. In the call researchers provided additional details that would hopefully assist in identifying exactly which client was responsible. The database was taken offline within three hours of the discussion.
Subscribe for latest security updates