【快訊】美國選民資料庫泄露，包含2億選民個人信息

01-26

6月19日數據安全公司UpGuard證實，亞馬遜的雲空間上存在一個美國選民資料庫，因資料庫配置不當導致用戶信息泄露，不用密碼即可訪問，數據總量大於1.1T。

其中幾乎包含了所有2億美國登記選民的個人信息。

幾乎泄露了超過全美人口百分之六十一的個人信息。

數據來源是共和黨全國委員會聘請的公司TargetPoint Consulting 、 Deep Root和Data Trust。

這個資料庫一共包含近三次大選時1.98億美國登記選民的姓名、生日、家庭住址、電話號碼、選民登記信息、種族和宗教信仰，大部分還列舉了每個選民對槍支、墮胎、環保、稅收等議題的態度。

"RNCID", "RNC_RegID", "State", "SOURCEID", "Juriscode", "Jurisname", "CountyFIPS", "MCD", "CNTY", "Town", "Ward", "Precinct", "Ballotbox", "PrecinctName", "CD_Current", "CD_NextElection", "SD_Current", "SDProper_Current", "SD_NextElection", "SDProper_NextElection", "LD_Current", "LDS_Current", "LDProper_Current", "LD_NextElection", "LDS_NextElection", "LDProper_NextElection", "NamePrefix", "FirstName", "MiddleName", "LastName", "NameSuffix", "Sex", "BirthYear", "BirthMonth", "BirthDay", "OfficialParty", "StateCalcParty", "RNCCalcParty", "StateVoterID", "JurisdictionVoterID", "AffidavitID", "LegacyID", "LastActiveDate", "RegistrationDate", "VoterStatus", "PermAbs", "SelfReportedDemographic", "ModeledEthnicity", "ModeledReligion", "ModeledEthnicGroup", "HHSEQ", "HTSEQ", "RegistrationAddr1", "RegistrationAddr2", "RegHouseNum", "RegHouseSfx", "RegStPrefix", "RegStName", "RegStType", "RegstPost", "RegUnitType", "RegUnitNumber", "RegCity", "RegSta", "RegZip5", "RegZip4", "RegLatitude", "RegLongitude", "RegGeocodeLevel", "RADR_LastCleanse", "RADR_LastGeoCode", "RADR_LastCOA", "ChangeOfAddress", "COADate", "COAType", "MailingAddr1", "MailingAddr2", "MailHouseNum", "MailHouseSfx", "MailStPrefix", "MailStName", "MailStType", "MailStPost", "MailUnitType", "MailUnitNumber", "MailCity", "MailSta", "MailZip5", "MailZip4", "MailSortCodeRoute", "MailDeliveryPt", "MailDeliveryPtChkDigit", "MailLineOfTravel", "MailLineOfTravelOrder", "MailDPVStatus", "MADR_LastCleanse", "MADR_LastCOA", "AreaCode", "TelephoneNUm", "TelSourceCode", "TelMatchLevel", "TelReliability", "FTC_DoNotCall", "PhoneAppendDate", "VH12G", "VH12P", "VH12PP", "VH11G", "VH11P", "VH10G", "VH10P", "VH09G", "VH09P", "VH08G", "VH08P", "VH08PP", "VH07G", "VH07P", "VH06G", "VH06P", "VH05G", "VH05P", "VH04G", "VH04P", "VH04PP", "VH03G", "VH03P", "VH02G", "VH02P", "MT10_Party", "MT10_GenericBallot", "MT10_Turnout", "MT10_ObamaDisapproval", "MT10_Jobs", "MT10_Healthcare", "MT10_SoCo", "PG01", "PG02", "PG03", "PG04", "PG05", "PG06", "PG07", "PG08", "PG09", "PG10", "PG11", "PG12", "PG13", "PG14", "PG15", "PG16", "PG17", "PG18", "PG19", "PG20", "PG21", "PG22", "PG23", "PG24", "PG25", "PG26", "PG27", "PG28", "PG29", "PG30", "PG31", "PG32", "PG33", "PG34", "PG35", "PG36", "PG37", "PG38", "PG39"

UpGuard的數據專家6月12日通過reddit網站上的線索在暗網上發現了資料庫，花了兩天時間才把數據下載完。他們認為這是美國歷史上最大的選民信息泄露事件。

The RNC Files: Inside the Largest US Voter Data Leak

————————————————————————

這不是第一次美國選民個人信息泄露事件。

早在2015年12月，美國曾發生過1.9億選民個人信息泄露事件。安全研究人員Vickery發現了錯誤配置的MongoDB資料庫導致1.9億選民個人信息泄露，包括：

姓名（全稱）
居住地址
郵箱地址

投票ID
州選民ID
性別
出生日期
註冊日期
電話號碼
政治面貌
2000年以來的投票歷史
選民預測分數欄位

數據總量超過300G

但是當時當局並沒有引起重視。

2016年1月，Vickery發現第二次MongoDB資料庫暴露超過5600萬選民檔案信息。一些數據在暗網兜售，僅售幾比特幣。

——————————————————————

在2016年6月，因為黑客入侵，導致1.54億美國選民個人信息泄露。

泄露的信息包括：地址、城市、州、郵編、年齡、估計收入、種族、姓、名、性別、政黨協會、電話號碼、投票頻率、國會和州參議院地區歸屬，收入、是否有子女、電子郵箱地址、Facebook個人檔案URL以及選民是否持槍。

Addresses_AddressLine

Addresses_City

Addresses_State

Addresses_Zip

Addresses_ZipPlus4

Age

Congressional_District_2011_NEW

EstimatedIncome

Ethnic

FirstName

Gender

LastName

Parties

Phone10

State_Senate_District_2011_NEW

Vote_Frequency

ZIP