AWS Cloud Database Leak: California Voter Data Exposed, Held for Ransom

An Amazon Web Services (AWS) server that contained California voter registration information recently was exposed, and cybercriminals stole this data and used it to extort a ransom, according to MacKeeper Security Research Center. The exposure apparently was caused by user misconfiguration rather than an Amazon error.

Security researchers earlier this month discovered an unprotected instance of a MongoDB database that appeared to contain California voter data, MacKeeper said in a prepared statement. The exposed voter data included the addresses, full names, phone numbers, birth dates and voting precincts of California citizens but did not appear to contain Social Security numbers or financial information.

The AWS database contained two datasets: one that included voter registration data for a local California district and another that contained more than 19 million records for the entire state of California, MacKeeper indicated. This information was available to anyone with an Internet connection to view or edit.

Cybercriminals used ransomware to wipe out the California voter data and likely backed it up on a server, MacKeeper stated. Researchers were unable to identify the cybercriminals behind the incident but found a ransom note demanding 0.2 bitcoin ($2,325.01 at the time of discovery).

The AWS database has been removed, and the Secretary of State of California is aware of the leak and "looking into it," MacKeeper said. However, California voter data could end up for sale on the "Dark Web," MacKeeper noted.

There were more than 18.2 million registered voters in California as of September, according to the Los Angeles Times. This figure indicates there are more registered voters in California than the population of 46 states.

Biggest AWS Cloud Leaks of 2017

Many globally recognized brands have suffered AWS cloud leaks in 2017, and in all cases the leaks involved user error rather than an Amazon security error. The leaks include:

  • Accenture: Accenture exposed mission-critical intellectual property (IP) via an AWS cloud leak.
  • Time Warner Cable: More than 4 million Time Warner Cable customer records were exposed due to an AWS cloud leak.
  • Verizon: At least 14 million Verizon records were exposed due to an AWS S3 cloud leak.
  • WWE: A World Wrestling Entertainment (WWE) AWS database leak exposed the personal information of more than 3 million users.

Misconfigured AWS cloud buckets have triggered many data leaks this year. Fortunately, MSSPs can help organizations configure AWS databases and provide AWS user education to minimize the risk of AWS database user issues or configuration errors.

Dan Kobialka

Dan Kobialka is senior contributing editor, MSSP Alert and ChannelE2E. He covers IT security, IT service provider business strategies and partner programs. Dan holds a M.A. in Print and Multimedia Journalism from Emerson College and a B.A. in English from Bridgewater State University. In his free time, Dan enjoys jogging, traveling, playing sports, touring breweries and watching football.