A database on a third party computer server comprised of over 19.5 million Californians voter records was exposed to the public internet before being held for ransom by hackers.

The information, which was obtained from the state for reporting purposes by Newspaper organization, the Sacramento Bee, exposed includes voter’s names, addresses, birth dates, and political affiliation. While this does not constitute as PII by the state, this information is more than enough to aid cybercriminals in convincing phishing campaigns.

The Bee was storing the data in a MongoDB database that was left crucially exposed for a fortnight after a vendor performed routine maintenance and the firewall did not come back online. Simple as that. Hackers spotted the error, encrypted the data, and demanded a Bitcoin payment to unlock it.

The Bee ended up deleting the encrypted data instead of paying the ransom demand.

Even worse, a different database containing names, home addresses, email addresses, and phone numbers of 52,873 Sacramento Bee subscribers was compromised exactly the same way.

The Bee learned of the incident on January 29 when a developer noticed that a database wouldn’t upload properly to a server maintained by a third party hosting service. The developer then found a note from a hacker demanding a Bitcoin ransom payment in exchange for the data.

Unfortunately, this isn’t the first time California voters have had their vote details held for ransom. Security firm Kromtech reported a similar incident back in December 2017, but hackers in that scenario stole the database and left a ransom note in its place.

Ransomware attacks will continue to escalate if organizations disregard basic security rules and operate with misconfigured Mongo DBs and AWS S3 buckets.


Request The FREE NNT Ransomware Mitigation Kit



Read this article on InfoSecurity Magazine

The Most Powerful & Reliable Cybersecurity Products
Contact Us

USA Offices

New Net Technologies LLC
4850 Tamiami Trail, Suite 301
Naples, Florida, 34103

New Net Technologies LLC
1175 Peachtree St NE
Atlanta, Georgia, 30361.

Tel: (844) 898-8358
[email protected]


UK Office

New Net Technologies Ltd
The Russell Building, West Common
Harpenden, Hertfordshire

Tel: 020 3917 4995
 [email protected]

SC Magazine Cybersecurity 500 CSGEA Winners 2021 CIS benchmarking SEWP Sans Institute Now Certified IBM Security
Copyright 2022, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.