A bug in Joe Biden’s campaign app gave anyone access to millions of voter files

A bug in Joe Biden’s campaign app gave anyone access to millions of...

https://t.co/hjiQA7cF5O?amp=1

Zack Whittaker@zackwhittaker / 7:10 pm GMTSeptember 14, 2020
SCRANTON, PENNSYLVANIA – SEPTEMBER 11: A political poster favoring U.S. presidential candidate former Vice President Joe Biden and Senator Kamala Harris is placed on a front lawn September 11, 2020 in Scranton, Pennsylvania. (Photo by Robert Nickelsberg/Getty Images)
A privacy bug in Democratic presidential candidate Joe Biden’s i official campaign app allowed anyone to look up sensitive voter information on millions of Americans, a security researcher has found.
The campaign app, Vote Joe, allows Biden supporters to encourage friends and family members to vote in the upcoming U.S. presidential election by uploading their phone’s contact lists to see if their friends and family members are registered to vote. The app uploads and matches the user’s contacts with voter data supplied from TargetSmart, a political marketing firm that claims to have files on more than 191 million Americans.
When a match is found, the app displays the voter’s name, age and birthday, and which recent election they voted in. This, the app says, helps users “find people you know and encourage them to get involved.”
While much of this data can already be public, the bug made it easy for anyone to access any voter’s information by using the app.
The App Analyst, a mobile expert who detailed his findings on his eponymous blog, found that he could trick the app into pulling in anyone’s information by creating a contact on his phone with the voter’s name.
Worse, he told TechCrunch, the app pulls in a lot more data than it actually displays. By intercepting the data that flows in and out of the device, he saw far more detailed and private information, including the voter’s home address, date of birth, gender, ethnicity and political party affiliation, such as Republican or Democrat.
The Biden campaign fixed the bug and pushed out an app update on Friday.
screenshot of Joe Biden's official iPhone app.
A screenshot of Joe Biden’s official campaign app, which uploads and matches a user’s contacts with their existing voter file. But a bug allowed anyone to pull in any voter’s information. (Image: TechCrunch)
“We were made aware about how our third-party app developer was providing additional fields of information from commercially available data that was not needed,” Matt Hill, a spokesperson for the Biden campaign, told TechCrunch. “We worked with our vendor quickly to fix the issue and remove the information. We are committed to protecting the privacy of our staff, volunteers and supporters will always work with our vendors to do so.”
A spokesperson for TargetSmart said a “limited amount of publicly or commercially available data” was accessible to other users.
It’s not uncommon for political campaigns to trade and share large amounts of voter information, called voter files, which includes basic information like a voter’s name, often their home address and contact information and which political parties they are registered with. Voter files can differ wildly state to state.
Though a lot of this data can be publicly available, political firms also try to enrich their databases with additional data from other sources to help political campaigns identify and target key swing voters.
But several security lapses involving these vast banks of data have questioned whether political firms can keep this data safe.
It’s not the first time TargetSmart has been embroiled in a data leak. In 2017, a voter file compiled by TargetSmart on close to 600,000 voters in Alaska was left on an exposed server without a password. And in 2018, TechCrunch reported that close to 15 million records on Texas voters were found on an exposed and unsecured server, just months ahead of the U.S. midterm elections.
Last week Microsoft warned that hackers backed by Russia, China and Iran are targeting both the 2020 presidential campaigns but also their political advisors. Reuters reported that one of those firms, Washington, DC-based SKDKnickerbocker, a political consultant to the Biden campaign, was targeted by Russian intelligence but that there was “no breach.”

Views: 33

Comment

You need to be a member of 12160 Social Network to add comments!

Join 12160 Social Network

"Destroying the New World Order"

TOP CONTENT THIS WEEK

THANK YOU FOR SUPPORTING THE SITE!

mobile page

12160.info/m

12160 Administrators

 

Latest Activity

tjdavis posted a video

Alabama’s Biggest Secret - Operation Paperclip 🇺🇸

In the north of Alabama is the city of Huntsville. It's here where German scientists built NASA in secrecy after World War II. Operation Paperclip is still s...
1 hour ago
tjdavis posted a photo
2 hours ago
Doc Vega commented on Doc Vega's blog post Americans You’re Being Squeezed Out!
"Cheeki kea always nice to her you chime in and you're damn right! "
17 hours ago
Doc Vega commented on Doc Vega's blog post Americans You’re Being Squeezed Out!
"Les Prone thanks for your support Dude! "
17 hours ago
Doc Vega posted blog posts
17 hours ago
Doc Vega posted a photo

The inconvenient truth

Trump spells it out!
21 hours ago
Sandy posted a photo
yesterday
Less Prone favorited Doc Vega's blog post What Made the Founding Fathers of America so Brilliant?
yesterday
Less Prone commented on Doc Vega's blog post Why didn't the Archeological World Announce Proof that Jesus Lived?
"Motives of Joe, to shit in the well by showing totally irrelevant proof?"
yesterday
Doc Vega commented on Doc Vega's blog post Why didn't the Archeological World Announce Proof that Jesus Lived?
"Less, Motives of Wyatt or Joe? What archeologist wouldn't want proof of Jesus as part of his…"
yesterday
Doc Vega commented on Doc Vega's blog post Why didn't the Archeological World Announce Proof that Jesus Lived?
"Less Prone, Considering Joe Rogan to be the gatekeeper of anything is just short of ridiculous the…"
yesterday
MAC posted a video

Don't Go To Hong Kong Now (Even on Connecting Flights)

Secure your privacy with Surfshark! Enter coupon code laowhy86 for an extra 3 months free at https://Surfshark.deals/laowhy86Article 23 in Hong Kong is real,...
yesterday
cheeki kea commented on cheeki kea's video
Thumbnail

Terrorist Attack on Moscow - Ukraine Committing Suicide? | Larry C. Johnson

"...And I guess I'll just park this you tube here also for something to ponder from last year.…"
Tuesday
tjdavis posted photos
Tuesday
Less Prone posted a video

Climate: The Movie (The Cold Truth) NL

Deze nieuwe documentaire van de Britse filmmaker Martin Durkin toont aan dat klimaatalarm een verzonnen doembeeld is zonder enige wetenschappelijke basis. He...
Monday
Less Prone commented on Doc Vega's blog post Why didn't the Archeological World Announce Proof that Jesus Lived?
"It can be true, but why isn't he offering real evidence? What are his motives?"
Monday
Less Prone favorited Doc Vega's blog post Americans You’re Being Squeezed Out!
Monday
cheeki kea favorited Less Prone's blog post Going against the stream of lies and death
Monday
cheeki kea commented on Doc Vega's blog post Americans You’re Being Squeezed Out!
"You're spot on in regards to the the real estate component of this mass migrant mess Doc V and…"
Monday
cheeki kea commented on cheeki kea's video
Thumbnail

Terrorist Attack on Moscow - Ukraine Committing Suicide? | Larry C. Johnson

"This video out 2 days ago but the 4 terrorists already caught and 11 others involved identified…"
Monday

© 2024   Created by truth.   Powered by

Badges  |  Report an Issue  |  Terms of Service

content and site copyright 12160.info 2007-2019 - all rights reserved. unless otherwise noted