Welcome
About
News
Anonymous Reporting
Tools
MCA Chatter
Library
V-ID Terminal
Support
My Account

News

Icon representing US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels
US Coast Guard Bulletin: Cyber Adversaries Targeting Commercial Vessels

June 21st 2019
Icon representing Would you pay $1m for a laptop full of malware?
Would you pay $1m for a laptop full of malware?

May 23rd 2019
Icon representing Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)
Singapore Opens Maritime Cybersecurity Operations Centre (MSOC)

May 22nd 2019
 
 
 

Californian Voters Suffer Major Data Breach

 
December 20th 2017
A database containing the personal information of every voter in California appears to have been stolen and held to ransom after it was exposed to the public-facing internet.

Kromtech Security Center researchers made the discovery in early December, finding an unprotected MongoDB database named “cool_db” accessible online to anyone with an internet connection.

“One was a manually crafted set of voter registration data for a local district and the other appeared to contain the entire state of California with 19,264,123 records, all open for public access,” explained the firm’s Bob Diachenko in a blog post.

“Kromtech researchers were unable to identify the owner of the database or conduct a detailed analysis due to the fact that the database has been deleted by cyber-criminals and there is a ransom note demanding 0.2 bitcoin ($2,325.01 at the time of discovery).”

The incident follows the same MO as a string of similar database thefts over 2017 in which hackers located publicly exposed MongoDB data stores, stole the information, backed it up to a private server and then deleted the original.

Around a quarter of MongoDB databases (27,000) left open to the internet were hit by ransomware back in January, and then in September three hacker groups erased an estimated 26,000 MongoDB databases.

The 4GB trove contained highly sensitive information which will be sought after on the dark web, including names, addresses, email addresses, phone numbers, dates and places of birth.

A statement from the Secretary of State of California’s office did not deny the claim, hinting that the incident may be the result of third-party negligence.

“We are looking into unconfirmed reports that a third party may have uploaded some California voter information in an unsecure location online. We take any allegation of improper use of voter data very seriously, and have enlisted the support of law enforcement. There is no evidence that any of the Secretary of State’s systems have been hacked or breached or that any confidential information such as social security numbers, driver’s license numbers, state ID numbers, or voter signatures were disclosed. Under state law, limited voter data is made available for restricted use by campaigns, journalists, and academic researchers.”

Source

Keywords