The campaign app, Vote Joe, allows Biden supporters to encourage friends and family members to vote in the upcoming U.S. presidential election by uploading their phone’s contact lists to see if their friends and family members are registered to vote. The app uploads and matches the user’s contacts with voter data supplied from TargetSmart, a political marketing firm that claims to have files on more than 191 million Americans.

When a match is found, the app displays the voter’s name, age and birthday, and which recent election they voted in. This, the app says, helps users “find people you know and encourage them to get involved.”

While much of this data can already be public, the bug made it easy for anyone to access any voter’s information by using the app.

The App Analyst, a mobile expert who detailed his findings on his eponymous blog, found that he could trick the app into pulling in anyone’s information by creating a contact on his phone with the voter’s name.

Worse, he told TechCrunch, the app pulls in a lot more data than it actually displays. By intercepting the data that flows in and out of the device, he saw far more detailed and private information, including the voter’s home address, date of birth, gender, ethnicity and political party affiliation, such as Republican or Democrat.

The Biden campaign fixed the bug and pushed out an app update on Friday.

“We were made aware about how our third-party app developer was providing additional fields of information from commercially available data that was not needed,” Matt Hill, a spokesperson for the Biden campaign, told TechCrunch. “We worked with our vendor quickly to fix the issue and remove the information. We are committed to protecting the privacy of our staff, volunteers and supporters will always work with our vendors to do so.”

A spokesperson for TargetSmart said a “limited amount of publicly or commercially available data” was accessible to other users.