U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Hackers Steal Data of 4.38 Million Aflac Japan Customers|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

Hacker is offering for sale a complete US Voters archive

Colleagues at HackRead discovered a seller using the pseudonym of ‘DataDirect’ offering US voters’ registration records on a black marketplace. On the Dark Web is quite easy to find any kind of data, recent data breaches have literally flooded the principal black markets. Recently, colleagues at HackRead discovered a seller using the pseudonym of ‘DataDirect’ […]

Hacker is offering for sale a complete US Voters archive

Colleagues at HackRead discovered a seller using the pseudonym of ‘DataDirect’ offering US voters’ registration records on a black marketplace.

On the Dark Web is quite easy to find any kind of data, recent data breaches have literally flooded the principal black markets.

Recently, colleagues at HackRead discovered a seller using the pseudonym of ‘DataDirect’ offering US voters’ registration records on the dark net marketplace “The Real Deal.” The seller offers  US voters ’ records where for each state at 0.5 BTC (around USD 340). The seller claims to have access to US voters ’ records from all the US states.

“US voter registration records. Selling the DB on a State-by-State basis. 0.5 BTC per state (you must tell me which State you want. Some people think it’s unfair to make each State cost the same amount because some States are much bigger than others. I think it’s just easier this way.” states the item description.

US VOTERS REGISTRATION RECORDS

At the time, I was writing there is no news about the authenticity of the records, but DataDirect is a seller already known to the experts because it is the same that leaked online the Thomson Reuters World-Check terrorist database.

The availability online of records belonging to US voters is not a novelty, in December 2015 the security expert Chris Vickery discovered 191 million records belonging to US voters online. The precious data were stored in an unprotected server exposed online.

The database containing US voters ’ data was discovered on December 20th, Vickery provided all the details about his disconcerting discovery to DataBreaches.net. The archive includes over 191 Million Americans’ personal identifying information (PII).

Vickery also found his own information in the database containing 300GB of voters’ data.

“My immediate reaction was disbelief,” Vickery said. “I needed to know if this was real, so I quickly located the Texas records and ran a search for my own name. I was outraged at the result. Sitting right in front of my eyes, in a strange, random database I had found on the Internet, were details that could lead anyone straight to me. How could someone with 191 million such records be so careless?”

It is not clear how DataDirect gained access to the precious archive, it is likely he has found the same archive discovered by Vickery, but we cannot exclude that he hacked other servers containing the same information, including a government server.

DataDirect also shared two screenshots that show some records included in the archive, one image shows personal and voting details of a voter of the State of California.

US VOTERS REGISTRATION RECORDS sample 1

US VOTERS REGISTRATION RECORDS sample 2

US VOTERS REGISTRATION-RECORDS-sample-3

This kind of data could be used by threat actors in the wild to launch other attacks against the US voters. Data could be used in spear phishing attacks or any other scam scheme.

In April 2016, Vickery discovered on Amazon’s AWS online a 132 GB database containing 93.4 million Mexican voter records. The archive went online for at least eight days after Vickery discovered it, the database was set for a public access since September 2015.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(Security Affairs – US voters database, hacking)

[adrotate banner=”5″]

[adrotate banner=”13″]