CONFERENCE On Demand: Cyber AI & Automation Summit - Watch Now
Connect with us

Hi, what are you looking for?

SecurityWeekSecurityWeek

Incident Response

Second Database Exposing Voter Records Found Online

A Christian conservative organization is believed to be responsible for exposing the details of millions of U.S. citizens by failing to ensure that its databases could not be accessed by unauthorized individuals.

A Christian conservative organization is believed to be responsible for exposing the details of millions of U.S. citizens by failing to ensure that its databases could not be accessed by unauthorized individuals.

Security researcher Chris Vickery has been spending most of his free time scanning the Web for improperly configured databases. The expert has identified dozens of databases exposing the personal details of millions of people.

Millions of voter records exposed

In late December, Vickery reported finding a MongoDB database containing the records of 191 million U.S. voters, includes their names, gender data, home addresses, mailing addresses, phone numbers, dates of birth, party affiliations, and other details dating back to 2000.

However, tracking down the owner of the database proved a difficult task. The main suspect was initially NationBuilder, a platform used by political campaigns worldwide. NationBuilder has admitted that it might be the source of some pieces of information included in the leaky database, but the company denied being responsible for the database itself.

Shortly after finding the 191 million records, Vickery identified a second database containing more than 56 million records. Roughly 37 million of these records included the details of voters in states whose name starts with the letters A through I, except D.C, Illinois and Iowa. The information was similar to the one found in the database containing 191 million records, but it had been updated more recently, in April 2015.

The other approximately 19 million records included additional personal details about each individual, including their income level, employment, and whether they were a charity donor, a religious donor, a health donor, a political donor, and a gun owner. The records also specified if a certain individual had any political party affiliations and if they were interested in hunting/fishing and auto racing.

Evidence suggests United in Purpose owns the databases

Advertisement. Scroll to continue reading.

According to DataBreaches.net, which worked with Vickery in analyzing the exposed information, the second database contains clues indicating that it could belong to a company called Pioneer Solutions, Inc. The researcher discovered that when someone signs up on Pioneer Solutions’ website, they get a confirmation email associated with a domain belonging to United in Purpose, a right-wing conservative social welfare organization.

Both Pioneer Solutions and United in Purpose are run by Bill Dallas, a former real-estate entrepreneur convicted for embezzlement. After his release in 1995, Dallas launched a communications firm for churches and wrote a book about how his life changed after spending time in a maximum-security prison.

United in Purpose uses data mining to identify Christians who are not registered to vote. According to a 2012 report from NPR, the company has been building a profile for each citizen to determine if they are “very serious” about their faith. Unregistered people whose profiles show that they are conservative Christians are then contacted by the organization.

The system assigns points to determine if an individual is a conservative Christian. Points are given if an individual likes NASCAR or fishing, if they are on traditional marriage or anti-abortion lists, if they attend church regularly, and if they home-school their kids.

This type of information matches the one found in the second database identified by Vickery. Furthermore, in 2012, United in Purpose reported that its database had already contained the details of 180 million adults in the United States.

DataBreaches.net wrote to Pioneer Solutions via its contact form and it received a response from Tamas Cser, the CEO of web design and application development company Digital Smart Technologies.

Both the database containing 191 million records and the one containing 56 million records were secured within 12 hours after DataBreaches was contacted by Cser. The Digital Smart Technologies CEO has denied that they manage the first database and claimed to be investigating the second database leak. It’s worth noting that the two databases were found on different IP addresses.

Based on the type of exposed information and since both databases were secured on the same day, Vickery believes United in Purpose is responsible for exposing voter records.

“Here’s my take on it: United in Purpose are ultra-conservative, anti-abortion, religious fanatics with Tea Party affiliations and they were most likely leaking America’s personal details to the world,” Vickery said.

SecurityWeek has contacted United in Purpose, Pioneer Solutions and Digital Smart Technologies for comment.

Written By

Eduard Kovacs (@EduardKovacs) is a managing editor at SecurityWeek. He worked as a high school IT teacher for two years before starting a career in journalism as Softpedia’s security news reporter. Eduard holds a bachelor’s degree in industrial informatics and a master’s degree in computer techniques applied in electrical engineering.

Click to comment

Daily Briefing Newsletter

Subscribe to the SecurityWeek Email Briefing to stay informed on the latest threats, trends, and technology, along with insightful columns from industry experts.

Join us as we delve into the transformative potential of AI, predictive ChatGPT-like tools and automation to detect and defend against cyberattacks.

Register

As cybersecurity breaches and incidents escalate, the cyber insurance ecosystem is undergoing rapid and transformational change.

Register

Expert Insights

Related Content

Cybercrime

A recently disclosed vBulletin vulnerability, which had a zero-day status for roughly two days last week, was exploited in a hacker attack targeting the...

Data Breaches

LastPass DevOp engineer's home computer hacked and implanted with keylogging malware as part of a sustained cyberattack that exfiltrated corporate data from the cloud...

Incident Response

Microsoft has rolled out a preview version of Security Copilot, a ChatGPT-powered tool to help organizations automate cybersecurity tasks.

Data Breaches

GoTo said an unidentified threat actor stole encrypted backups and an encryption key for a portion of that data during a 2022 breach.

Application Security

GitHub this week announced the revocation of three certificates used for the GitHub Desktop and Atom applications.

Incident Response

Meta has developed a ten-phase cyber kill chain model that it believes will be more inclusive and more effective than the existing range of...

Artificial Intelligence

Two new surveys stress the need for automation and AI – but one survey raises the additional specter of the growing use of bring...