A Republican contractor’s database of nearly every voter was left exposed on the Internet for 12 days, researcher says

A Republican analytics firm's database of nearly every registered American voter was left vulnerable to theft on a public server for 12 days in June, according to a cybersecurity researcher who found and downloaded the trove of data. The lapse in security was striking for putting at risk the identities, voting histories and views of voters across the political spectrum, with data drawn from a wide range of sources including social media, public government records and proprietary polling by political groups.

Chris Vickery, a risk analyst at cybersecurity firm UpGuard, said he found a spreadsheet of nearly 200 million Americans on a server run by Amazon's cloud hosting business that was left without a password or any other protection. Anyone with Internet access who found the server could also have downloaded the entire file. The server contained data from Deep Root Analytics, which created a database of information from a variety of sources including the Republican National Committee, one of the company's clients. Deep Root Analytics used Amazon Web Services for server storage, and Vickery said he came up on the server's address as he scanned the Internet for unsecured databases.