The Scarily Common Screw-Up That Exposed 198 Million Voter Records

https://media.wired.com/photos/594829b56c638b3847cde2c1/master/w_670,c_limit/Exposed-728922837.jpg

A number of voter-data exposures have cropped up this year, in locations as disparate as Mexico, the Philippines, and the state of Georgia. But the one that dwarfs them all came to light on Monday: a publicly accessible database containing personal information for 198 million US voters—possibly every American voter going back more than 10 years.

A conservative data firm called Deep Root Analytics owns the database, and stores it on an Amazon S3 server. As Chris Vickery, cyber-risk analyst with security firm UpGuard, discovered earlier this month, all of that data was open to anyone who found it not because of clever hacking or complicated internet forces, but because of a simple misconfiguration. Think of it as leaving your valuables in a high-end safe with the door propped open.

It happens all the time, despite repeated, and repeatedly damaging, exposures of personal information. Even though it's not a hack, server misconfiguration constitutes one of the biggest cybersecurity risks for institutions and individuals alike.