Feeds

Pennsylvania officials bail after voter reg site springs a leak

Flaw exposes sensitive user data

Choosing a cloud hosting partner with confidence

Pennsylvania officials pulled the plug on a voter registration website after a user posted online instructions that showed the site was exposing sensitive information about people who used the service.

The flaw with the state's Voter Registration Application made it possible for anyone on the net to view registration forms that had been completed online. The forms contained a bevy of personal information, including the voter's name, date of birth, driver's license number and political party affiliation, ComputerWorld reports.

The revelation comes a month before the state holds a high-profile presidential primary that could determine who wins the nomination for the Democratic candidate for US President. Users who tried visiting the site on Wednesday got a message that it was not available.

A user with the handle mtg169 first disclosed the leak in on Digg. The post showed that it was possible to view the PDF applications of voters my modifying request parameter included in the URL of the voter registration site. Simply adding or subtracting numbers was all it took to view a different application.

"Valid IDs appear to be working from 50000 and up to 58500+," mtg169 wrote. "Very bad PA ... very very bad!" PA is the US postal abbreviation for Pennsylvania.

In a comment following the post, mtg169 added that IDs in the 20,000 range also exposed applications.

The breach represents a serious blow to the privacy of people who may have used the service. The instructions on Digg had been up for hours before the service was unplugged, and there's no telling how long miscreants had been using the flaw to take a peak at voters' personal details. ®

If you have a tip about the leakage of personal information, please contact your reporter here.

Security for virtualized datacentres

More from The Register

next story
Ex-US Navy fighter pilot MIT prof: Drones beat humans - I should know
'Missy' Cummings on UAVs, smartcars and dying from boredom
Facebook, Apple: LADIES! Why not FREEZE your EGGS? It's on the company!
No biological clockwatching when you work in Silicon Valley
The 'fun-nification' of computer education – good idea?
Compulsory code schools, luvvies love it, but what about Maths and Physics?
Doctor Who's Flatline: Cool monsters, yes, but utterly limp subplots
We know what the Doctor does, stop going on about it already
'Cowardly, venomous trolls' threatened with TWO-YEAR sentences for menacing posts
UK government: 'Taking a stand against a baying cyber-mob'
Happiness economics is bollocks. Oh, UK.gov just adopted it? Er ...
Opportunity doesn't knock; it costs us instead
Sysadmin with EBOLA? Gartner's issued advice to debug your biz
Start hoarding cleaning supplies, analyst firm says, and assume your team will scatter
Don't bother telling people if you lose their data, say Euro bods
You read that right – with the proviso that it's encrypted
prev story

Whitepapers

Forging a new future with identity relationship management
Learn about ForgeRock's next generation IRM platform and how it is designed to empower CEOS's and enterprises to engage with consumers.
Cloud and hybrid-cloud data protection for VMware
Learn how quick and easy it is to configure backups and perform restores for VMware environments.
Three 1TB solid state scorchers up for grabs
Big SSDs can be expensive but think big and think free because you could be the lucky winner of one of three 1TB Samsung SSD 840 EVO drives that we’re giving away worth over £300 apiece.
Reg Reader Research: SaaS based Email and Office Productivity Tools
Read this Reg reader report which provides advice and guidance for SMBs towards the use of SaaS based email and Office productivity tools.
Security for virtualized datacentres
Legacy security solutions are inefficient due to the architectural differences between physical and virtual environments.