VoterVoice is designed to connect lobby firms and campaign groups to alert interested individuals about hot-topic issues. However, an unprotected database at the firm has exposed a trove of personal information of people who have sent messages or participated in campaigns around hot political topics through “the grassroots advocacy system.”
What has been exposed - Discovered by a security researcher named John Wethington, the misconfigured server has exposed more than 300,000 unique email addresses, home addresses, phone numbers of the affected people. It also contained sensitive information related to political persuasions and religious beliefs.
According to TechCrunch, one file in the poorly protected database alone had 4,392 unique names, phones and email addresses of Americans with the same four-paragraph text sent to lawmakers to lobby for Medicare reform.
Who is to be blamed - It is not known for how long the misconfigured database was exposed. However, the researchers revealed that the server containing the unsecured database was created by a VoterVoice staffer, who was rolled into FiscalNote.
Meanwhile, FiscalNote has denied that the leak was limited to a single organization.
What has been done - While the information was visible to the public, it could have potentially been accessed by a malicious third party.
TechCrunch notes that after sending a file containing more than 80,000 user records and dozens of confidential contract signed by customers of VoterVoice, the storage server was finally secured.