Hackers steal 19M California voter records after holding database for ransom

Haythem Elmir

In late 2015, a security researcher found voter registration records of 191 million US voters on the Internet. Months later, hackers were found selling those records on several dark web marketplaces. Now, the IT security firm Kromtech has revealed that its researchers discovered a MongoDB database (a popular database management system) containing over 19 million California voters records.

Database Was Left Exposed

The database was left exposed for anyone with an Internet access to view or edit. In the majority of such cases, researchers contact the affected party and inform them about the exposed data, but in this case, Kromtech researchers were unable to identify the owner.

Remember, MongoDB is used by popular organizations such as LinkedIn, MetLife, City of Chicago, Expedia, BuzzFeed, KMPG and The Guardian etc.

Cybercriminals Held Voters Database For Ransom

Since early 2017, hackers have been targeting MongoDB based databases. In this case, according to researchers hackers discovered voters records, took control of it and left a ransom note before deleting the entire database.

The ransom note asked the owner of the database to send 0.2 bitcoin, that is around USD 3,123 (thanks to sudden price hike) to a bitcoin address. However, the fact that cybercriminals erased the database, researchers were unable to conduct a detailed analysis.

Furthermore, the group stated that “your database is downloaded and backed up on our secure servers.” Simply put: the group now holds the database and wants the owner to pay to get it back.

What Data The Database Had

In total, the 4GB database contained 19,264,123 records. As expected, it included highly personal and sensitive data of registered Californian voters such as:[..]
To read the original article:https://www.hackread.com/hackers-steal-california-voter-database-for-ransom/

Laisser un commentaire

Next Post

A 41-gigabyte archive containing 1.4 Billion credentials in clear text was found in dark web, it had been updated at the end of November.

Another monster data dump was found online, the huge archive contains over 1.4 billion email addresses, passwords, and other credentials in clear text. The huge trove of data, a 41-gigabyte archive, has been found online on December 5 by security shop @4iQ. According to 4iQ founder and chief technology officer Julio Casal, the […]