Data of over 19 million Californians has been left exposed online thanks to an unsecured database. An attacker who ran an automated script to scan the web for open, unsecured MongoDB databases then stumbled upon it, wiped it, and held its contents for ransom.

Cybercriminals steal voter database of California, demand 0.2 BTC in ransom

Security researchers at the Kromtech Security Center revealed that the database contained files on all of the registered voters in California. “If there is one thing that the 2016 US election has taught us it is that the entire electoral process needs to be revamped and a more uniform secure process,” they wrote. “There have been several high profile leaks of voter data in recent months but in this case the entire voting population of California has had their information taken by cyber criminals.”

The research team disclosed they discovered an unprotected MongoDB database named ‘cool_db‘ that contained two collections – one was a manually crafted set of voter registration data for a local district and the other contained the entire state of California with 19,264,123 records. The database wasn’t secured and available for anybody with internet connection to view and even edit it. Researchers have, however, been unable to identify who was the owner of this database:

"Kromtech researchers were unable to identify the owner of the database or conduct a detailed analysis due to the fact that the database has been deleted by cyber criminals and there is a ransom note demanding 0.2 bitcoin ($2,325.01 at the time of discovery)."

It could be a government department, a contractor, or even another hacker.

The data in this database was later on wiped by the unidentified attackers, who posted the following ransom note.

“Your DataBase is downloaded and backed up on our secured servers. To recover your lost data: Send 0.2 BTC to our BitCoin Address and Contact us by eMail with your MongoDB server IP Address and a Proof of Payment. Any eMail without your MongoDB server IP Address and a Proof of Payment together will be ignored. You are welcome!”

The two collections contained the following information about over 19 million voters:

"City:
Zip:
StreetType:
LastName:
HouseFractionNumber
RegistrationMethodCode
State: CA
Phone4Exchng:
MailingState: CA
Email:
Phone3Area:
Phone3NumPart:
Status: A
Phone4Area:
StreetName:
FirstName:
StreetDirSuffix:
RegistrantId:
Phone1NumPart:
UnitType:
Phone2NumPart:
VoterStatusReasonCodeDesc: Voter Requested
Precinct:
PrecinctNumber:
PlaceOfBirth:
Phone1Exchng:
AddressNumberSuffix:
ExtractDate: 2017-05-31
Language: ENG
Dob:
Gender:
MailingCountry:
AssistanceRequestFlag
MailingCity:
MiddleName:
AddressNumber:
StreetDirPrefix:
RegistrationDate:
PartyCode:
Phone1Area:
Suffix:
NonStandardAddress:
Phone4NumPart:
CountyCode:
MailingAdd3:
MailingAdd2:
MailingAdd1:
UnitNumber:
Phone2Exchng:
NamePrefix:
_id: ObjectId
MailingZip5:
Phone2Area:

Second collection (22 GB in size, contained fewer records):
‘District’:
‘RegistrantId’:
‘CountyCode’:,
‘DistrictName’:
‘_id’: ObjectId"

Researchers note that the attackers have been targeting all the unsecured databases as over 32,000 were attacked in January and then another 27,000 databases were targeted in September, this year.

This report follows a June incident when another security firm had found a database containing details of over 198 million US voters. The latest one focuses on California, containing over 19.2 million voter records – even though there are only 18.2 million registered voters in California. The discrepancy could hint at redundancy in the records, but researchers haven’t explained if there are any repeated fields. Secretary of State of California has said the State is aware of the leak and “was looking into it.”

“This is a massive amount of data and a wake up call for millions citizens of California who have done nothing more than fulfil the civic duty to vote,” security researchers wrote. “This discovery highlights how a simple human error of failing to enact the basic security measures can result in a serious risk to stored data.”