Over the course of recent years, database breaches have become a more common occurrence than ever before. As technology evolves, hackers and assailants come up with new ways to exploit any vulnerability present in software solutions. At the same time, the technology used to store sensitive information has not evolved much. Proper solutions will have to be created, and blockchain technology is a strong contender for storing and transmitting user data in the future.
Misconfigured Database Leads to Data Theft of 191 Million Voters
American voter information is stored in databases, making it easier to look up by the officials maintaining this wealth of data. However, if that database is not properly configured, it can become vulnerable to exploits and attacks. Or in the worst case, the database in question becomes publicly accessible by anyone in the world.
As one would come to expect from a publicly accessible database, user information can be quite valuable to the wrong type of crowd. Policemen, for example, are among American voters as well, and a misconfigured database would expose their personal information – including home address – to criminals from all over the world. It goes without saying those are the last people anyone would want to give their home address to.
Some people might be wondering as to what type of other information is stored in a Voter’s List database. Other than the full name and address, there is also a phone number, date of birth, gender, and ethnicity. Luckily for all parties involved, social security numbers are not stored in these databases.
But there is more, as other personal information can be found in a Voter’s List as well. Political party affiliation and voting records, for example, are kept in these records. Political parties might be interested in obtaining that type of information, and target specific voters in an attempt to sway their opinion in favor of their own camp. Such information should be available to the individual alone, and not be part of any stored record, public or otherwise.
Who or What Is To Blame For This Error?
At the time of publication, it remained unclear as to who or what is responsible for exposing this database filled with valuable information to the public. What we do know is that law enforcement has taken the entire database offline, although an investigation into the matter is still ongoing as we speak.
One thing is for sure, though: databases do not configure themselves properly on their own accord. At some point along the line, human interaction is required to check, double check and triple check everything is working as intended. In additional, every database needs to be properly tested to ensure there are no common security vulnerabilities left.
It remains to be seen as to how this leaked information will be used over the next few months. With the Presidential Election Campaigns starting to heat up, some voters might find themselves being contacted by pollsters and journalists regarding their voting history and election issues.
Blockchain Technology for Greater Security
There are several ways to prevent these types of events from happening in the future. The obvious solution would be to upgrade database security, although there is only so much that can be done when human interaction is involved at any step along the way. Despite our best efforts, humans are not without flaws, and we are all vulnerable to corruption.
Computers and machines, on the other hand, do not suffer from these flaws. In fact, blockchain technology – which powers the Bitcoin ecosystem – creates an interesting candidate for the future of data storage as we know it. By distributing the data stored among different peers and nodes all over the world, decentralization is achieved, removing any central point of failure.
Co-founder of the P2P blockchain-based storage service Storj, Shawn Wilkinson, addressed the current database solutions as follows:
“Standard cloud services store all of the data for the consumers on centralized servers: encryption is rarely done on the client end. This results in the company holding the keys to the user’s data. With increasing frequency, these companies lose or have stolen our private user data.”
Information stored on the blockchain would not be accessible like traditional databases. Instead of protecting the information with a username and password, like current solutions, people accessing the data would need to provide a signature. That signature would be based on a token granted to the user, which is linked to a private key only known to the token owner. If the signature from that private key does not match the one stored in the blockchain, access will not be granted.
What are your thoughts on voter information being publicly available? Are you worried somebody might try to use your data for illegitimate purposes? Let us know in the comments below!
Images courtesy of Shutterstock, Database.Bio, Culprit Creative,