Threat Watch

Large Amount of Information Exposed Due to Unprotected VoterVoice Database

A platform that connects government relations professionals and political advocates known as VoterVoice left a database unprotected, which left the information of a large number of people exposed. Over 300,000 email addresses, as well as home addresses, phone numbers, political persuasions, and religious beliefs, were all contained in the database. A single file inside that database included over 4,000 names, phone numbers, and emails of people who were sending requests to lawmakers that pertained to Medicare reform. At this time, it is not known how long the database was left open which means the information may have been accessed by someone with malicious intent. The server that the database operated on was created by a VoterVoice contractor that worked for the software company, FiscalNote. However, FiscalNote is denying full responsibly for the instance. After analyzing the scope of the issue, VoterVoice confirmed that the server containing the database had been secured.

ANALYST NOTES

Due to email addresses being included in the breach, users should be cautious of attempted phishing campaigns that may be carried out in the future. Since other personal information such as names, phone numbers, home addresses, religious and political beliefs were included, it would not be uncommon for attackers to create fake accounts in order to carry out other malicious activities.