93 Million Mexican Voter Records Leaked Online

Authorities in Mexico have launched an investigation after a researcher discovered a publicly accessible database containing the personal details of tens of millions of Mexican registered voters.

MacKeeper researcher Chris Vickery reported on Friday that he discovered an unprotected database on an AWS server containing 93.4 million records associated with Mexican voters. The records include names, addresses, dates of birth, occupations, voter registration IDs, and other information.

“In my hands is something dangerous,” Vickery said. “It is proof that someone moved confidential government data out of Mexico and into the United States.”

Vickery identified the database on April 14 on a US-based Amazon server, and it was taken offline on April 22 after he notified the Mexican National Electoral Institute (Instituto Nacional Electoral, INE), Amazon, the Mexican Embassy in Washington, the US State Department and the Department of Homeland Security (DHS).

Late last year, Vickery reported uncovering a misconfigured database containing the details of 191 million US voters. However, unlike in the United States, where much of the information was already publicly available, Mexican law only allows the use of the voter database for verification purposes and the records should not be public.

In a statement published on Friday, INE said the database contained a list of voters compiled in February 2015. The organization filed a criminal complaint and an investigation is underway, but there is no evidence that the information was obtained as a result of a security breach.

INE representatives told DataBreaches.net that the data was made available to political parties and that the institute is currently trying to identify the people responsible for the incident. It’s unclear if someone other than Vickery downloaded the information from the server, but INE hopes to get answers from Amazon.

According to some reports, many of the records are duplicates and the actual number of affected individuals is 87 million. Others report that the database contained 81 million unique records.

This is the third major data leak reported in recent weeks. Last month, hacktivists breached the website of the state election agency in the Philippines and obtained the details of 55 million people. Authorities arrested a 23-year-old man in connection with the incident.

At around the same time, hackers dumped a database containing the details of 50 million Turkish citizens.

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.