A database on a third party computer server comprised of over 19.5 million Californians voter records was exposed to the public internet before being held for ransom by hackers.
The information, which was obtained from the state for reporting purposes by Newspaper organization, the Sacramento Bee, exposed includes voter’s names, addresses, birth dates, and political affiliation. While this does not constitute as PII by the state, this information is more than enough to aid cybercriminals in convincing phishing campaigns.
The Bee was storing the data in a MongoDB database that was left crucially exposed for a fortnight after a vendor performed routine maintenance and the firewall did not come back online. Simple as that. Hackers spotted the error, encrypted the data, and demanded a Bitcoin payment to unlock it.
The Bee ended up deleting the encrypted data instead of paying the ransom demand.
Even worse, a different database containing names, home addresses, email addresses, and phone numbers of 52,873 Sacramento Bee subscribers was compromised exactly the same way.
The Bee learned of the incident on January 29 when a developer noticed that a database wouldn’t upload properly to a server maintained by a third party hosting service. The developer then found a note from a hacker demanding a Bitcoin ransom payment in exchange for the data.
Unfortunately, this isn’t the first time California voters have had their vote details held for ransom. Security firm Kromtech reported a similar incident back in December 2017, but hackers in that scenario stole the database and left a ransom note in its place.
Ransomware attacks will continue to escalate if organizations disregard basic security rules and operate with misconfigured Mongo DBs and AWS S3 buckets.
Read this article on InfoSecurity Magazine