Ahead of next month’s US presidential election, security researchers have identified databases containing detailed information about voters across the nation listed for sale on several hacker forums.
According to security firm Trustwave, the sellers claim the database contains 186 million records, which would account for practically all US voters.
For context, 126 million voters cast a ballot in the 2016 election, although this figure represented a 20-year low and analysts expect this year’s election to draw a record-breaking turnout.
The leaked databases are said to contain a wealth of highly personal information, including names, addresses, age, gender, contact details and even political affiliation.
US election data breach
The US voter database was initially discovered on RaidForums.com, a website that allows members to sell and acquire stolen data.
According to Trustwave, databases are traditionally sold for up to a thousand dollars in bitcoin, but the seller of the complete voter database, GreenMoon2019, asked that interested parties negotiate a price over direct message.
An analysis of one bitcoin wallet used to pay GreenMoon2019, which was created only in May, showed receipt of more than $100 million in payments.
Conversations between forum members suggest the voter database aggregates information stolen from unknown sources with data that is publicly available to download from the NCSBE.gov website.
“I can’t believe this information is just publicly listed on there [sic] site, it includes details about each vote like date of birth, address, party affiliation and address,” wrote one forum member.
Trustwave warned the NCSBE that cybercriminals were discussing the data online, but the organization insisted the information available consists of public records only.
Although all data breaches can affect those whose information has been exposed, the potential for harm is particularly clear in the context of an election already expected to suffer as a result of external intervention. Only this week, for example, Iranian intelligence was found to be responsible for a pro-Trump email campaign designed to intimidate Florida voters.
The fear, according to Trustwave, is that malicious actors could use voter information to “conduct effective social engineering scams and spread disinformation to potentially impact the elections, particularly in swing states”.
In a post-social media world, the premise of the fair and democratic vote has already been undermined, but handing malicious actors detailed information with which to conduct campaigns can only further aggravate the problem.