Around 35 million US voter records from the year 2018, were found on a popular hacking forum for sale. The seller was demanding $42,200 dollars for all the records from 19 states. The advertisement on the hacking forum says that the data sold is from updated statewide voter lists and contains vulnerable information including phone numbers, full addresses, and names of millions of US residents.

The information sold on the dark web was first discovered by two threat intelligence firms.

“To our knowledge, this represents the first reference on the criminal underground of actors selling or distributing lists of 2018 voter registration data,” researchers from Anomali Labs and Intel471 said after discovering the advertisement.

Both the companies verified the sample of the advertised data and confirmed the data to be valid with a “high degree of confidence”.

Nearing November midterm elections 2018

Concerns around the U.S voter data mishandling have continued to be in peak as the elections are just four weeks away.

Researchers at Anomali Labs said in a blog post that, “With the November 2018 midterm elections only four weeks away, the availability and currency of the voter records, if combined with other breached data, could be used by malicious actors to disrupt the electoral process or pursue large-scale identity theft.”

Impact of the breach

The data breach and disclosure affects 19 states, out of which 23 million records belong to just three states. Impacted states included Georgia, Idaho, Iowa, Kansas, Kentucky, Louisiana, Minnesota, Mississippi, Montana, New Mexico, Oregon, South Carolina, South Dakota, Tennessee, Texas, Utah, West Virginia, Wisconsin, and Wyoming said researchers.

Depending on the state and number of voter records found in the database, each voter list was priced from $150 to $12,500, the research team said.

Interested buyers

Many ‘high-profile hackers’ of the forum have set up a campaign to raise money by selling voter registration databases according to votes cast by participants. The goal of the crowdfunding campaign is to share the data publicly. However, right now, the database for Kansas state has been acquired in a crowdfunding way and shared with financial backers. Oregon State is in the lead as the second state to be published.

Security researchers said, “According to the actor, the purchased databases would be made available free of charge to all registered members of the hacker forum, with early access given to donors of the project.”

Temporary breakout or persistent access?

Researchers at Anomali Labs said, “Given the illicit vendor claims of weekly updates of voter records and their high reputation on the hacker forum, we assess with moderate confidence that he or she may have persistent database access and/or contact with government officials from each state.”

The seller also claims that “data is refreshed each Monday of every week” suggesting persistent access to the voter database.

Earlier this July, Robocent, a Virginia based political campaign, and robocalling company, was found leaking U.S voters information through a misconfigured Amazon S3 bucket.
Cyware Publisher