93.4 million Mexican voter records leaked online
Mon 25 Apr 2016
A complete database containing records of 93.4 million Mexican voters has been leaked online, without any password restrictions. The information was available for anyone to access across Amazon Web Servers.
The database was uncovered on 14 April by security expert Chris Vickery, who immediately alerted the Mexican government and the National Electoral Institute (NEI). Both authorities have since confirmed that the leaked data was legitimate and added that the data contained details such as full names, date of birth, addresses, occupations, and unique voting numbers for every single registered Mexican voter.
Vickery explained that the breached data could potentially lead to many serious consequences for those affected. “Kidnapping is a considerable problem in Mexico, and allowing cartels to download copies of this database could prove disastrous,” he suggested.
It is unclear who leaked the data and how the database was published online, but for now the data has been removed from the servers and an investigation is under way.
Voter data is increasingly a target for hackers looking for valuable information on citizens. Last week, a member of Anonymous Philippines was arrested for the hacking of the Commission of Elections (Comelec) website in March, and for tipping off other hackers on how to access the database of registered voters.
At the beginning of April, it was discovered that someone had hacked and leaked the entire Turkish citizenship database, containing details of 49,611,709 Turkish citizens, including the president Recep Tayyip Erdoğan. This information was also publicly available online until a few days ago.
Last year, Vickery also uncovered 191 million U.S. voter registration records online which exposed personal information including party affiliations and voting logs on whether the individual had voted in primary and general elections dating back to 2000. The leak, which contained 300GB of data, was also configured for public access with no password protection.
