Security Experts:

Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Data Protection

93 Million Mexican Voter Records Leaked Online

Authorities in Mexico have launched an investigation after a researcher discovered a publicly accessible database containing the personal details of tens of millions of Mexican registered voters.

Authorities in Mexico have launched an investigation after a researcher discovered a publicly accessible database containing the personal details of tens of millions of Mexican registered voters.

MacKeeper researcher Chris Vickery reported on Friday that he discovered an unprotected database on an AWS server containing 93.4 million records associated with Mexican voters. The records include names, addresses, dates of birth, occupations, voter registration IDs, and other information.

“In my hands is something dangerous,” Vickery said. “It is proof that someone moved confidential government data out of Mexico and into the United States.”

The database was identified by the expert on April 14 on a US-based Amazon server and it was taken offline on April 22 after Vickery notified the Mexican National Electoral Institute (Instituto Nacional Electoral, INE), Amazon, the Mexican Embassy in Washington, the US State Department and the Department of Homeland Security (DHS).

Late last year, Vickery reported uncovering a misconfigured database containing the details of 191 million US voters. However, unlike in the United States where much of the information was already publicly available, Mexican law only allows the use of the voter database for verification purposes and the records should not be public.

In a statement published on Friday, INE said the database contained a list of voters compiled in February 2015. The organization filed a criminal complaint and an investigation is underway, but there is no evidence that the information was obtained as a result of a security breach.

INE representatives told DataBreaches.net that the data was made available to political parties and they are currently trying to identify the people responsible for the incident. It’s unclear if someone other than Vickery downloaded the information from the server, but INE hopes to get answers from Amazon.

According to some reports, many of the records are duplicates and the actual number of affected individuals is 87 million. Others report that the database contained 81 million unique records.

This is the third major data leak reported in the past weeks. Last month, hacktivists breached the website of the state election agency in the Philippines and obtained the details of 55 million people. Authorities arrested a 23-year-old man in connection to the incident.

At around the same time, hackers dumped a database containing the details of 50 million Turkish citizens.

Related: Misconfigured Database Exposed Microsoft Site to Attacks

Related: Defunct iPhone App Exposes Details of 198,000 Users

Written By

Eduard Kovacs (@EduardKovacs) is a contributing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Expert Insights

Related Content

Application Security

Cycode, a startup that provides solutions for protecting software source code, emerged from stealth mode on Tuesday with $4.6 million in seed funding.

Application Security

Many developers and security people admit to having experienced a breach effected through compromised API credentials.

Data Protection

The cryptopocalypse is the point at which quantum computing becomes powerful enough to use Shor’s algorithm to crack PKI encryption.

Application Security

Electric car maker Tesla is using the annual Pwn2Own hacker contest to incentivize security researchers to showcase complex exploit chains that can lead to...

Application Security

Virtualization technology giant VMware on Tuesday shipped urgent updates to fix a trio of security problems in multiple software products, including a virtual machine...

Cybersecurity Funding

Los Gatos, Calif-based data protection and privacy firm Titaniam has raised $6 million seed funding from Refinery Ventures, with participation from Fusion Fund, Shasta...

Application Security

Fortinet on Monday issued an emergency patch to cover a severe vulnerability in its FortiOS SSL-VPN product, warning that hackers have already exploited the...

Cybercrime

A database containing over 235 million unique records of Twitter users is now available for free on the web, cybercrime intelligence firm Hudson Rock...