A massive record consisting of personal data like names, Date of birth, unique voting numbers, addresses, photographs and more info of 93,424,710 Mexican Voters were leaked to access on internet. On April 14, Chris Vickery a well-known security researcher at Mac keeper discovered the voter database containing the personal information of millions Mexican voters were found on MongoDB (document-oriented database) database earlier of this Month with no password protection, is accessible easily through a public IP address.
Chris, who previously dredged plenty of database flaws (13 million credentials of Mackeeper users and 3.3 million accounts of Hello kitty users) by using the Shodan (search engine for internet-connected devices and servers), informed the Mexican authorities that the database is hosted on the cloud-computing site Amazon Web Services. Basing on the lines of Motherboard, the data was air-gapped, and delivered through hard drives, CD-ROMS, or USB drives. After getting the information, The National Electoral Institute officials said that the list in the beginning was unclear to public and confirmed that the list cannot be viewed any more on web server. It was stated by the researcher that the database was finally taken offline on 22nd April.
In a blog post for Mac-keeper, Chris Vickery said, “Under Mexican law, these files are ‘strictly confidential’, carrying a penalty of up to 12 years in prison for anyone extracting this data from the government for personal gain. We’re talking about names, home addresses, birth dates, a couple of national identification numbers, and a few other bits of info.”
Vickery on discovery of this major breach of privacy on understanding few dangers for the Mexican voters said, “Kidnapping is a considerable problem in Mexico, and allowing cartels to download copies of this database could prove disastrous.” Well, le leak of Mexican Voters’ database on-line is not for the first time. In recent past i.e.; in 2013 a website called buscardatos.com consists of 2010 Mexican Voters record and the site had no restriction in finding anyone’s personal information. In 2003, Mexican Voters Database was sold to US government by a data broker Choice Point. Vickery earlier uncovered another MongoDB configuration error which exposed the details of 191,333,174 US voters.
President of the Mexican National Electoral Institute, Lorenzo Cordova Vianello said that his office needs to share the Database with all the country’s major political parties and strongly believe that one of them is responsible for this breach, as it’s still unclear who is responsible for the uploading the list.
