'No password' database error exposes info on 93 million Mexican voters

AWS-hosted MongoDB database configured incorrectly

Mexico

Information on 93 million Mexican voters has been leaked online.

Voter records were exposed as the result of a config error in a MongoDB database that meant that the information was left accessible by anyone who knew where to look. The database – hosted on Amazon AWS – included voters' names, addresses, voter ID numbers, dates of birth, parents’ names, occupations and more.

The exposure was discovered by security researcher Chris Vickery. No password or authentication of any sort had been required to access the database, said Vickery, who said he had spotted the problem on 14 April. The database was pulled offline last week after Vickery notified the Mexican election authorities and Amazon, a process that was less than straightforward.

Databreaches.net has more on the breach and reaction from the Instituto Nacional Electoral, the Mexican election Authority, which has reportedly begun a criminal probe into the exposure of voter information.

Last December, Vickery discovered a database with 191 million US voter records. That data was a matter of public record, though it was not supposed to be accessible in bulk. Vickery's employer, MacKeeper, has provided some screenshots.

Redacted voter database in mexico hack - photo courtesy mackeeper

Even though it's smaller in terms of number of records, the Mexico breach is far worse because of the sensitivity of the data exposed.

Redacted voter database in mexico hack - photo courtesy mackeeper

The breach in Mexico follows a similar spill on the other side of the world, when stolen voter data from 55 million Philippines citizens made its way into a fully searchable website set up by hackers, security firm Malwarebytes reported.

The exposure of private information by governments in general is bad news for citizens because it leaves people more exposed to phishing and identity theft. ®


Biting the hand that feeds IT © 1998–2017