Jump to content


News: Millions of U.S. Voter Records Exposed on Robo-Call Company RoboCent's Poorly-Configured AWS Cloud Storage


Recommended Posts

From IEEE (more info in the long article than quoted below) https://spectrum.ieee.org/tech-talk/telecom/security/millions-of-us-voter-records-exposed-by-political-robocall-company-robotcent-on-aws

Other links

Zdnet (screenshot and info about other voter records breaches) https://www.zdnet.com/article/us-voter-data-exposed-by-robocall-firm/

Newsweek https://www.newsweek.com/us-voter-database-leak-exposes-hundreds-thousands-records-cyber-expert-says-1032241

“The first bucket contained “just over 2,600 files,” according to RoboCent co-founder Travis Trawick, and was independently discovered by security researcher Bob Diachenko, who disclosed it to the company on 15 July. That disclosure, and the company’s subsequent press release, concerned files located at robocent.s3.amazonaws.com.

In addition to spreadsheets, those files also included recordings of robocalls made by Republican and Democratic candidates and their staffers.

“I believe the public listing on the s3 bucket was turned on instead of turned off,” Trawick said. “It was, pretty honestly, a rookie mistake. We have figured that out and locked it down.” RoboCent has cycled through four developers in five years, he adds, each of whom held varying degrees of responsibility over the company’s data security.

In response to Diachenko’s disclosure, RoboCent said the “affected database was from 2013-2016” and called it “outdated.”

But a second bucket at robo-uploads.s3.amazonaws.com, which was not mentioned in the original disclosure, contained many files whose names suggest they were uploaded in June 2018.

That bucket contained at least 1,903 files that were publicly available as recently as 16 July by directly navigating to URLs listed in a directory posted to Amazon Web Services.

Those spreadsheets contained data about voters from Alabama, Alaska, Hawaii, Illinois, California, Connecticut, Georgia, Massachusetts, Michigan, New Jersey, New York, North Carolina, Ohio, Pennsylvania, South Carolina, Florida, Utah, Tennessee, Texas, and Virginia.

An IEEE Spectrum analysis of 50 of the largest data files in that group showed that the files together contained more than 2.5 million voter records. The largest spreadsheet in the group held half a million records.

Many of the files in that second bucket contained inferences about voters’ finances, religious affiliations, personal interests and hobbies, and how they are likely to feel about issues such as abortion and healthcare reform.

Such data is compiled by companies, including Aristotle, Experian, Front Line Strategies, and Tridente Strategies, that help marketers and political organizations to target advertisements and campaigns. Political campaigns that purchased data from those companies would have uploaded it to RoboCent’s cloud storage in order to place automated calls to voters on each list.

One spreadsheet in the second bucket, for example, places 13,400 residents of the Bronx, New York into subgroups such as “Fragile Families” that reflect categories described within Experian’s Mosaic service, which promises to help brands market to certain types of customers.”

Edited by Arcadia
  • Sad 1
Link to comment
Share on other sites

I was a "Member" of IEEE for approximately 25 years, so I read the article you linked to on the "SPECTRUM" web site. IMO SPECTRUM is the most widely distributed IEEE publication and the most prestigious.

Are there not laws that companies with that kind of data are supposed to comply with, to protect it?   The people responsible for this seem to be beginners at the use of technology and have zero knowledge of computer or network security. 

Link to comment
Share on other sites

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.


  • Create New...