Independent Texas-based security researcher Chris Vickery announced on Monday that he discovered a misconfigured database on the internet containing personal information of 191 million US voters including names, addresses, birth dates, and party affiliations.
Following the revelation, the database is no longer publicly accessible.
Speaking to Reuters about his discovery, Vickery said he did not know whether other interested parties had found or accessed the database before him. If so, this may pose security concerns.
The exposed information, although likely compiled through legitimate means, could potentially be of use to criminals wishing to carry out fraud or identify targets. The laws surrounding voter information vary from state to state in the US, with it being illegal in states such as California to make voter data available outside the country.
Databreaches.net, one of the first websites to report the leak, said it contacted a police officer who gave his name only as “Sam” who was concerned over the possibility that the leak could allow vengeful criminals to identify his address despite this not being publicly listed.
“Our society has never had to confront the idea of all these records, all in one place, being available to anyone in the entire world for any purpose instantly,” Vickery wrote on the social networking site Reddit on Monday.
The apparent leak is likely to increase focus on the issues of privacy and digital security, especially in light of a data breach earlier this year of the US Office of Personnel Management widely speculated to have been carried out by Chinese hackers. That data breach reportedly involved the theft of the records of up to 21.5 million federal employees.
"Privacy regulations are required so a person's political information can be kept private and safe," Reuters reported Jeff Chester, executive director of the Washington-based Center for Digital Democracy, as saying.
Several websites suggested the leaked information may have come from software produced by a Los Angeles-based software company named NationBuilder. In response to the speculation, NationBuilder Chief Executive Officer said in a statement the database was not created by his company, though some of the information it contains may have come from them.