[BreachExchange] Voter information for 4, 934, 863 Georgians leaked online

Destry Winant destry at riskbasedsecurity.com
Tue Mar 31 10:13:49 EDT 2020


https://securityaffairs.co/wordpress/100743/data-breach/voter-information-georgians-leaked-online.html


Voter information for 4,934,863 Georgians has been published on a
hacker forum over the weekend.

According to the data breach notification service Under the Breach, on
Saturday a file containing voter information for more than 4.9 million
Georgians, including deceased citizens, has been published on a
hacking forum.

Georgia has 3.7 million citizens, but the voting population is around one third.

Data were included in a Microsoft Access database file of a 1.04 GB.

Exposed personal information includes full names, home addresses,
dates of birth, ID numbers, and mobile phone numbers.

Under the Breach shared the database with the online media outlet
ZDNet that analyzed it and confirmed the presence of 4,934,863
records, many of them belonging to deceased voters.

“The database contained 4,934,863 records but was not kept up to date,
as it also included details for millions of deceased voters — as can
be seen from the screenshot below.” reads the post published by ZDNet.

The user that published the file on the hacker forum claims it was
originated from official government portal voters.cec.gov.ge, which is
the government service that allows voters to verify and update their
registration records.

At the time it is not clear how data was obtained by the users that
published it.

Similar incidents already occurred in the past, in September experts
discovered a huge data leak affecting Ecuador, maybe the largest
full-country leak, that exposed data belonging to 20 million
Ecuadorian Citizens.

In August 2019, voter information of more than 14.3 million Chileans,
which accounts for nearly 80% of the population, was exposed on the
internet due to an unsecured Elasticsearch database.


More information about the BreachExchange mailing list