posted by martyb on Saturday August 19 2017, @10:40AM
from the check-if-Daley-is-on-the-list dept.

Arthur T Knackerbracket has found the following story:

A voting machine supplier for dozens of US states left records on 1.8 million Americans in public view for anyone to download – after misconfiguring its AWS-hosted storage.

ES&S says it was notified by UpGuard researcher Chris Vickery of the vulnerable database that contained personal information it collected from recent elections in Chicago, Illinois. The records included voters' names, addresses, dates of birth, and partial social security numbers. Some of the records also included drivers' licenses and state ID numbers.

"The backup files on the AWS server did not include any ballot information or vote totals and were not in any way connected to Chicago's voting or tabulation systems," ES&S said in a statement on Thursday.

[...] A spokesperson for UpGuard confirmed to The Register that the vulnerable service was an AWS S3 silo accidentally set up to be open to the public. Strangely, only Chicago's data was exposed by a misconfiguration.

[...] Chicago's election board, meanwhile, says it is "deeply troubled" to hear of the exposure, but applauded ES&S for taking quick action.

"We have been in steady contact with ES&S to order and review the steps that must be taken, including the investigation of ES&S’s AWS server," said Chicago Election Board chairwoman Marisel Hernandez in a statement.

"We will continue reviewing our contract, policies and practices with ES&S. We are taking steps to make certain this can never happen again."

This isn't the first time UpGuard found voter data sitting out in the open on AWS. Earlier this year the security firm caught a Republican analytics company who failed to put any access restrictions on an S3 instance that contained the personal details of nearly 200 million US voters within a 1.1TB database collected prior to the 2016 presidential election. ®

-- submitted from IRC


  • (Score: 5, Insightful) by maxwell demon on Saturday August 19 2017, @01:46PM (7 children)

    by maxwell demon (1608) on Saturday August 19 2017, @01:46PM (#556349) Journal

    The first question is why that data was on an AWS server. That type of data doesn't belong in the cloud, misconfigured or not. Indeed, already the voting machine supplier should not have it.

    --
    The Tao of math: The numbers you can count are not the real numbers.
  • (Score: 4, Insightful) by VLM on Saturday August 19 2017, @02:37PM

    by VLM (445) on Saturday August 19 2017, @02:37PM (#556364)

    Indeed, already the voting machine supplier should not have it.

    I live in an optical scanning state, so our registration is abstracted from our voting infrastructure. The machine has no idea who I am, but I can only get a ballot to use it from some nice octogenarians who theoretically might know who I am and have a "system" for voting registration. Apparently I should require multiple forms of ID and week-long delays to buy a gun or obtain a building permit or marriage license, but any jackass who knows my name and roughly where I live can walk in without ID and vote for me, so yeah my state is at least as F-ed up as Illinois, just in a different way, LOL.

    I checked out:

    https://www.elections.il.gov/VotingInformation/VotingEquip.aspx

    And Crook County instructions for voting seem to imply they use optical scanning hardware very similar to the hardware used in my state, which is interesting.

    I'm a little unclear what ES&S actually do. I looked at their website (trivial to find) and it's very corporate aka content free. I don't need the marketing bullshit, I mean operational overview. My guess given the corruption level in Illinois in general is they are merely an elaborate money laundering conduit.

  • (Score: 2, Funny) by Anonymous Coward on Saturday August 19 2017, @02:39PM (3 children)

    by Anonymous Coward on Saturday August 19 2017, @02:39PM (#556365)

    B-b-b-b-b-but The Cloud!!!!!

    Are you trying to trigger a whole generation of MBA's and Marketdroids?

    • (Score: -1, Troll) by Anonymous Coward on Saturday August 19 2017, @03:29PM

      by Anonymous Coward on Saturday August 19 2017, @03:29PM (#556374)

      You mean cannon fodder in the new 'murika.

    • (Score: 0) by Anonymous Coward on Saturday August 19 2017, @04:21PM (1 child)

      by Anonymous Coward on Saturday August 19 2017, @04:21PM (#556390)

      What happens in The Cloud stays in The Cloud.

      • (Score: 3, Insightful) by Joe Desertrat on Saturday August 19 2017, @11:14PM

        by Joe Desertrat (2454) on Saturday August 19 2017, @11:14PM (#556519)

        What happens in The Cloud stays in The Cloud.

        Forever and ever, no matter how hard you work to remove it.

  • (Score: 0) by Anonymous Coward on Saturday August 19 2017, @05:12PM (1 child)

    by Anonymous Coward on Saturday August 19 2017, @05:12PM (#556407)

    They are putting all kinds of data in the cloud now. My real estate agent recently informed me that my rental property data is now in propertyme which is a wordpress site on AWS. All of the property data including financial, personal and tax all in the cloud. On a wordpress site. If someone puts their blog or hobby site on wordpress then who cares if it is hacked. Financial information? Personal information?

    Just file this one under "asking for it" then place your bets for how long until this site is hacked.

    • (Score: 2) by kaszz on Saturday August 19 2017, @09:01PM

      by kaszz (4211) on Saturday August 19 2017, @09:01PM (#556475) Journal

      Fill out a form for suing for damages where the date and type of data leak is not filled out. And show it to your real estate agent. Maybe that gets them to reconsider their stupidity?

      Unless you suddenly update with your new address and income ;)

      John Dough
      5678 Far Away
      Missing filed, Ill-nose 56743

      Income: 10 000 (or whatever is just enough to rent but not to attract thieves)