Someone Left The Data of 2.9 Million Louisiana Voters Online For No Reason

Another day, another database left online for no apparent reason.
September 23, 2016, 3:00pm
Image: roibu/Shutterstock

Someone accidentally left a database of 2,919,651 records of Louisiana voters online, in yet another leak of voter's personal data.

The database contained names, home addresses, phone numbers, what party the voter is registered to, and what dates he or she voted, among other information. The database didn't contain email addresses or more sensitive information like social security numbers. The information in the database appeared to be correct, as it corresponded with public records.

Researchers at MacKeeper Security Research Center found the data this week as part of their routine scan for databases left online with no security.

"Just another misconfigured database left without notice," Mackeeper's Volodymyr Dyachenko told Motherboard. "Another inexcusably poor network management example."

Read more: Donald Trump's Website Accidentally Leaked Personal Data of Aspiring Interns

In the past few months, there has been a stream of leaks and hacks of voter data. In December 2015, security researcher Chris Vickery, who now works at MacKeeper, found an exposed database with the details of 191 million US voters. In January, cybercriminals were exchanging the data of millions of American voters on the dark web. More recently, the FBI reportedly uncovered evidence that hackers, perhaps working for a foreign government, had stolen information on voters in two American states, which Yahoo reported being Arizona and Illinois.

"It is concerning that there is a database out there," Brandee Patrick, a spokesperson for the Louisiana Secretary of State, told Motherboard in a phone call. "However voter records, with exception of some of the data, are public records."

As we explained before, voters records aren't that secret. Regulations depend on the state, but most of the information submitted by a would-be voter is considered public. In general, these records can be obtained by a large number of people, sometimes even by anyone who's willing to pay for it. In the case of Louisiana, the lists are on sale for $0.1 cents per name, with a maximum expense of $5,000.

"Just another misconfigured database left without notice."

Some, however, believe not all voters' data should be public. The Sunlight Foundation, a non-profit that advocates for government transparency, has long pushed for balancing privacy and transparency when it comes to voters' records.

"Publishing the names and addresses of minorities, women and members of marginalized communities in an easily searchable form online increases the potential for that data to be used for harm, particularly for populations where domestic abuse is at issue," Alex Howard, a senior analyst at the Sunlight Foundation, told Motherboard in an email.

On the same IP address where they found the voters' database, MacKeeper researchers found another one with 6,978,508 records, the company said. This one was labelled "ladps," which seems to indicate the data belongs to the Louisiana Department of Public Safety, and it had information including full names, home addresses, race, sex, date of birth, height, weight, "residence parish code," and driving license number. Motherboard could not verify whether the data of this "ladps" database was accurate.

Both databases are now offline, but there's no way to know how long they had been exposed for anyone to see.

Another day, another database left online for no apparent reason.

Get six of our favorite Motherboard stories every day by signing up for our newsletter.