A database on a third party computer server comprised of over 19.5 million Californians voter records was exposed to the public internet before being held for ransom by hackers.

The information, which was obtained from the state for reporting purposes by Newspaper organization, the Sacramento Bee, exposed includes voter’s names, addresses, birth dates, and political affiliation. While this does not constitute as PII by the state, this information is more than enough to aid cybercriminals in convincing phishing campaigns.

The Bee was storing the data in a MongoDB database that was left crucially exposed for a fortnight after a vendor performed routine maintenance and the firewall did not come back online. Simple as that. Hackers spotted the error, encrypted the data, and demanded a Bitcoin payment to unlock it.

The Bee ended up deleting the encrypted data instead of paying the ransom demand.

Even worse, a different database containing names, home addresses, email addresses, and phone numbers of 52,873 Sacramento Bee subscribers was compromised exactly the same way.

The Bee learned of the incident on January 29 when a developer noticed that a database wouldn’t upload properly to a server maintained by a third party hosting service. The developer then found a note from a hacker demanding a Bitcoin ransom payment in exchange for the data.

Unfortunately, this isn’t the first time California voters have had their vote details held for ransom. Security firm Kromtech reported a similar incident back in December 2017, but hackers in that scenario stole the database and left a ransom note in its place.

Ransomware attacks will continue to escalate if organizations disregard basic security rules and operate with misconfigured Mongo DBs and AWS S3 buckets.


Request The FREE NNT Ransomware Mitigation Kit



Read this article on InfoSecurity Magazine

NNT Suite of Products

change tracker gen7r2 logo

Combine industry leading Device Hardening, File Integrity Monitoring, Change Control, Configuration Management & Compliance Management into one easy to use solution that can scale to the most demanding environments!

fastcloud logo

Automatically evaluate and verify the authenticity of file changes in real-time with NNT FAST™ (File Approved-Safe Technology) Integrity Assurance.

log tracker logo logo

Comprehensive and easy to use security information & event log management with intelligent & self-learning correlation technology to highlight potentially harmful activity in seconds.

vulnerability tracker logo

Continuously scan and identify vulnerabilities with unparalleled accuracy and efficiency, protecting your IT assets on premises, in the cloud and mobile endpoints.

USA Offices
New Net Technologies LLC
Suite #10115, 9128 Strada Place
Naples, Florida, 34108
1175 Peachtree St NE
Atlanta, Georgia, 30361.
4145 SW Watson, Suite 350
Beaverton, Oregon, 97005.

Tel: (844) 898-8358
email [email protected]
UK Office
New Net Technologies Ltd
Rivers Lodge, West Common
Harpenden, Hertfordshire

Tel: 01582 287310
email [email protected]
CIS benchmarking SEWP Cybersecurity 500Sans Institute Now Certified IBM Security
Copyright 2019, New Net Technologies LLC. All rights reserved. 
NNT and Change Tracker are registered trademarks of New Net Technologies LLC.
All other product, company names and trademarks are the property of their respective owners.