Hackers Are Sharing Reams of US Voter Data on the Dark Web

Even the most basic personal information can be of interest to hackers.

Alleged voting records of millions of American citizens have been uploaded to the dark web on a site affiliated with a well-known cybercrime forum. Although the information is not particularly sensitive in its own right, its presence on the site shows that even easily obtainable personal data can be of interest to hackers.

The datasets appear to include voters' full names, dates of birth, the date they registered to vote, addresses, local school districts, and several other pieces of information. The dumps also include voting records from previous elections and political affiliations. The two largest files are 1.2 GB and 1 GB, respectively, and each contain at least a million entries. The folder containing the files is called "US_Voter_DB," though Motherboard could not independently verify the contents' legitimacy.

It's not entirely clear where the data was sourced from. On December 28 last year, news site CSO Online reported that a database configuration issue had left 191 million voter records exposed to the open internet. That data was discovered by security researcher Christopher Vickery, who found his own personal information within the dump.

But as DataBreaches.net notes, depending on the state, lists of voter registration information can also be obtained from the government, and combined with other datasets to build a more complete picture of a person's life. Indeed, much of the data appears to be related to voters in Ohio, where voter records are made available online.

DataBreaches.net told Motherboard in a Twitter message that "states need to be more protective of voter reg. data."

While the data does not contain particularly sensitive data such as social security numbers or credit card information, it's clearly still considered valuable.

A security researcher with knowledge of the underground data market told Motherboard hackers could potentially use the data for "mostly phishing and also the capacity for vengeful skids to dox people."

Using the information available, a hacker could pose as a trusted source to convince a target to hand over more sensitive data such as banking details in a phishing attack. Alternatively, it would be trivial for a someone armed with a name and address to then look up phone numbers, email addresses, or social media profiles to dump more identifying information on someone ("dox" them).

The data is hosted on a password-protected hidden service, which the administrator of Hell posted a link to.

When it first appeared back in 2015, Hell was where data from cheating site AdultFriendFinder was posted. The forum was rebooted earlier this month after a dramatic episode in which administrators disappeared and the site dipped in and out of existence.

It is now being run by someone who goes by the username ROR[RG], a moderator of the site's previous iteration.

The first chunks of the voter data appear to have been uploaded or last modified on December 27, with compressed versions of the same data added on January 11.

The sad reality is there's not much people can do about it now. Once their data has been obtained by hackers, there's no getting it back.