In all, it encompassed 1.1 terabytes of information covering 198 million potential voters. Deep Root has hired a cybersecurity team to investigate the breach.
The database was discovered by Chris Vickery, a security researcher who specializes in finding unsecured sensitive data online. "As such, the exposed Deep Root Analytics warehouse contained a remarkable amount of fully accessible data", the report says. The server housing the data has since been secured. The information includes phone numbers, addresses, and detailed personal political opinions.
The bulk of the data is split into two huge spreadsheets, one containing information collected around the 2008 general election and the other with data from the 2012 election.
UpGuard discovered folders within the database that came from Data Trust. "This is valuable for people who have nefarious purposes", Joseph Lorenzo Hall, the chief technologist at the Center for Democracy and Technology, said of the data.
A further 24TB of data was also found in the S3 bucket, but it was protected against unauthorised access. Those files included a rating system that showed a voter's likelihood to support a policy or candidate on a scale of "very unlikely" to "very likely". "After we were informed of this incident, we updated the access settings and set the protocols to prevent anyone from accessing them", stated Alex Lund, founder of" Deep Root Analytics.
The discovery comes after a year of political turmoil during which the servers of the Democratic National Committee were hacked and leaked. The data included citizens' contact information, addresses, birthdays, and analyses used to predict how they felt about controversial political topics like gun control and abortion.
"That such an enormous national database could be created and hosted online, missing even the simplest of protections against the data being publicly accessible, is troubling", UpGuard's Dan O'Sullivan wrote. However, whenever a massive data breach occurs it's important to stay vigilant and take extra security steps.
The Deep Root Analytics leak is just the latest instance of voting records being exposed-though it appears to be the largest case thus far. Six months later, another database with 154 million records was also exposed.