Robocall Firm Exposes Hundreds of Thousands of US Voters' Records

[DooKey]

It seems like every week I'm posting about another data breach or hack and this week is no exception. RoboCent, a political robocall firm, left exposed an AWS bucket that had voter records for hundreds of thousands of US voters. The data exposed included names, addresses, phone numbers, age and birth year, political affiliation and more. I continue to post this kind of news because it's important for people to know just how poorly some companies handle our private data. When are people going to go to jail for this?

Diachenko says he notified the company about their exposed database, and they secured it shortly after his report.

"We're a small shop (I'm the only developer) so keeping track of everything can be tough," a RoboCent employee told Diachenko.

 

[YeuEmMaiMai]

sing me up, oh wait.....

 

[Aireoth]

All your base are belong to us.

 

[raz-0]

My knee jerk reaction is to be pissed at a lazy company who I don't even want calling me exposing my info they only have to annoy me.

However, I do have to ask if Amazon doesn't set this shit to not be public by default. Is this deliberate stupidity, or people not locking down stuff that is provisioned shittily? Because if it is the latter, we should start leaning on AWS to do better.

 

[sfsuphysics]

So my first thought is that none of this information is "private" it's just stuff that has been collected and is for sale. My second thought is why would people give a shit about the data being "exposed" when the company themselves exposes it to anyone who writes the appropriate sized check.

 

[pcgeekesq]

When are people going to go to jail for this?

When the outrage from the voters exceeds the donations and utility of the robocallers to the politicians, and not before.

We've reached the sad state of affairs where laws are only enforced when it's politically useful to do so.
(This is also how many media outlets decide which news to report, unfortunately.
But not the [H], knock on wood.)

 

[Cyraxx]

Meh, at this point it's so normal I don't really care anymore.

This one mainly just has name, address, and phone number.

Social Security is when I start to get pissy since you can actually screw with someone with that information. But name and address? Meh, I stopped caring a long time ago after the 5th data leak.

 

[AceGoober]

We're a small shop (I'm the only developer) so keeping track of everything can be tough," a RoboCent employee told Diachenko.

Boo fucking hoo. If their lowest priority is properly securing personal customer data then they shouldn't be allowed to operate or in the business at all until they get their shit together and make it top priority.

 

[kju1]

"We're a small shop (I'm the only developer) so keeping track of everything can be tough," a RoboCent employee told Diachenko.

Excuses. Dont fucking get the data if you cant bother to secure it properly. Period.

 

[katanaD]

Boo fucking hoo. If their lowest priority is properly securing personal customer data then they shouldn't be allowed to operate or in the business at all until they get their shit together and make it top priority.

yeah i read that and couldnt give 2 shits.

 

[Galvin]

Some day exposed data will bite some well known politician. Then they'll do something about it.

 

[oROEchimaru]

no Jail = FCC caring.

Ever get the same robo calls from virginia for 2 years straight 1-2x a day at work about your credit card and report it to FCC since its a scam then report it to FCC and they state "there is nothing they can do and there is no evidence of blah blah blah "? Thats our FCC.

 

[BloodyIron]

FYI people, that's enough info for people to do identity fraud on your ass, and plenty of other things.

Consider that pharmacies use your address, phone number, and date of birth as identity validation. This can be used to illegally obtain controlled substances in an untraceable way.

This is also enough information to have credit cards issued in someone else's name, without their knowledge.

You guys really need to take your privacy a lot more seriously. Or you're gonna get fucked.

 

[SvenBent]

ima vote for the next president that that make companeus have to pay for data breaches.
dont core if its Republician libereal, Neonazi. jihad yelling muslim or a goat eating satan worshipper.

 

[Biznatch]

My knee jerk reaction is to be pissed at a lazy company who I don't even want calling me exposing my info they only have to annoy me.

However, I do have to ask if Amazon doesn't set this shit to not be public by default. Is this deliberate stupidity, or people not locking down stuff that is provisioned shittily? Because if it is the latter, we should start leaning on AWS to do better.

Have you used AWS/S3? The buckets are private by default with no permissions to access other than the root admin user. If you make the bucket or objects inside public, it throws a bunch of warnings and you have to acknowledge in order to save the changes. Unless you are using the CLI and don't know what the fuck you're doing, it is REALLY hard to accidentally make a bucket public.

Because of all of these 'breaches' from shitty companies cloud security settings, I had to go write some lambdas that run a daily scan on all buckets and sends alerts if any bucket is publicly enabled, and a second lambda that scans all objects put in a bucket to confirm it doesn't have public permissions enabled. So if someone drops a public object in the bucket, the security team immediately receives and email with bucket/object name.

 

[meltdowner]

To be honest, I think our votes should be public information. THere's less chance for corruption to occur.

So whatever, no votes were ever manipulated as far as we know.

 

[travisty]

To be honest, I think our votes should be public information. THere's less chance for corruption to occur.

So whatever, no votes were ever manipulated as far as we know.

It sounds good but it can be easily used by evil characters to target/find/scare/kill people with specific ideals.

 

[Spidey329]

I just hope that the politicians and their families data are among these breaches (and poor security, leaks).

That's the only way anything will get gone.

I already know my data is out there just on the sheer volume of spam calls I get. Some even call at 6am (I assume they don't adjust their dialer for timezones). According to about 20 warnings I've gotten this month, I should be arrested by the local police for an overdue tax bill.

I try to report those through the IRS, but it's like full time work at this point.

A digital receptionist voice captcha would be so useful. Just an AI receptionist that greets the caller and asks them a question (many dumb robocalls would fail here), they enter a response, and send you the call if it was right. Options to dump to voicemail or hang up on failure. Whitelist of contacts automatically.

It sounds good but it can be easily used by evil characters to target/find/scare/kill people with specific ideals.

100% it'd be abused. I can think of a few ways someone might tie it to healthdata, or credit scoring.

 

[TexasTea]

Voter information is generally public domain information. Every state, heck, every county in the US makes voter information available to the general public. In most cases you just have to ask. The county where I live makes all this information available as a spreadsheet download from their web site. You have to register first and promise not to use it for commercial purposes (ha, ha).

 

[DNMock]

FYI people, that's enough info for people to do identity fraud on your ass, and plenty of other things.

Consider that pharmacies use your address, phone number, and date of birth as identity validation. This can be used to illegally obtain controlled substances in an untraceable way.

This is also enough information to have credit cards issued in someone else's name, without their knowledge.

You guys really need to take your privacy a lot more seriously. Or you're gonna get fucked.

Hmm? I have a script for 2 controlled substances and it's a nightmare trying to get the pharmacies to fill them. Gotta call the doctor to have them call the pharmacy to give them confirmation, then you must have a valid id to scan into their system before they give me the goods. No exceptions. If you know a pharmacy that will hook it up with just that amount of trivial info I'd love to know of it cus this hoop jumping nonsense sucks.

 

[velusip]

My knee jerk reaction is to be pissed at a lazy company who I don't even want calling me exposing my info they only have to annoy me.

However, I do have to ask if Amazon doesn't set this shit to not be public by default. Is this deliberate stupidity, or people not locking down stuff that is provisioned shittily? Because if it is the latter, we should start leaning on AWS to do better.

It's never the responsibility of the service provider.

 

[meltdowner]

Like youre attempting to do with that response? Oh the irony.

Edit: meant to reply to the guy above who is using scare tactics.

 

[_l_]

It seems like every week I'm posting about another data breach or hack and this week is no exception.

folks haven't seen anything yet ... just wait. Small wonder they knew about this stuff years ago and were able to do, well , nothing about it really.

I did a fresh install of Windows 10 on my HTPC last night and here's how iTunes is handling it today. I can't access My Account at Apple via iTunes. This is a new security that was put in place June 2018. After the install and I sign in to iTunes my movies and songs don't show up. Usually closing iTunes and restarting solved it but no more.

Fortunately I've been building a physical Blu-Ray collection so I just uninstalled iTunes for good and definitely won't buy anything Apple in the futue, even when my 2008 Macbook Pro eventually fails (aka they permanently lost me as a future customer)

IMHO Apple sucks the MacIntosh

 

[cdabc123]

To be honest, I think our votes should be public information. THere's less chance for corruption to occur.

So whatever, no votes were ever manipulated as far as we know.

That would make it too easily to sell/buy votes. There is a way to be able to verify your vote without giving up the privacy of your vote but it's fairly complex

 

[Merc1138]

To be honest, I think our votes should be public information. THere's less chance for corruption to occur.

So whatever, no votes were ever manipulated as far as we know.

Less? You're joking, right?

There are some parts in California where the wrong bumper sticker(take a guess) can mean thousands of dollars in property damage(when you get beyond those $300 single spray maaco specials, repainting a car isn't cheap) due to keyed cars, crap thrown through windows, etc. and you want who people vote for to be public information? HELL NO.

 

[meltdowner]

Less? You're joking, right?

There are some parts in California where the wrong bumper sticker(take a guess) can mean thousands of dollars in property damage(when you get beyond those $300 single spray maaco specials, repainting a car isn't cheap) due to keyed cars, crap thrown through windows, etc. and you want who people vote for to be public information? HELL NO.

Wow, you guys are absolute cowards. If you are afraid to vote for who you want because you're fearful of your car being damaged, then you are an absolute coward.

 

[meltdowner]

That would make it too easily to sell/buy votes. There is a way to be able to verify your vote without giving up the privacy of your vote but it's fairly complex

Huh? How does the voter tally's being public information increase the chances of buying and selling votes?

 

[Merc1138]

Wow, you guys are absolute cowards. If you are afraid to vote for who you want because you're fearful of your car being damaged, then you are an absolute coward.

Yes, I'm a coward because I don't feel the need to advertise how I vote due to maniacs existing that would rather just burn my house down. You do realize the entire point of confidential voting is so people can't intimidate others over how they vote, right?

Huh? How does the voter tally's being public information increase the chances of buying and selling votes?

If someone knows how you vote, they can threaten to beat you up, destroy your property, etc. if you vote that way again. This goes as far back as the days when the KKK was much more prominent than they are now.

If someone knows how you vote, and can actually confirm that data it becomes very easy to buy votes from those susceptible to being offered a few bucks to easily swing smaller elections.

If someone knows how you vote, it becomes yet another thing to discriminate against when it comes to...

Employment
Healthcare
Insurance
Financing/Mortgages/Credit

No sane person who even has the slightest inkling of their privacy being of any value, would want that information publicly verifiable.

 

[meltdowner]

Yes, I'm a coward because I don't feel the need to advertise how I vote due to maniacs existing that would rather just burn my house down. You do realize the entire point of confidential voting is so people can't intimidate others over how they vote, right?


View attachment 90244

If someone knows how you vote, they can threaten to beat you up, destroy your property, etc. if you vote that way again. This goes as far back as the days when the KKK was much more prominent than they are now.

If someone knows how you vote, and can actually confirm that data it becomes very easy to buy votes from those susceptible to being offered a few bucks to easily swing smaller elections.

If someone knows how you vote, it becomes yet another thing to discriminate against when it comes to...

Employment
Healthcare
Insurance
Financing/Mortgages/Credit

No sane person who even has the slightest inkling of their privacy being of any value, would want that information publicly verifiable.

So you would rather have a forever corrupt system where you are never sure if you vote actually registered for who you voted for, vs the possibility you're going to have someone beat you up because they know how you voted? lmfao, you must not care about this country that much if that deters you.

Secondly, people are already buying votes. How do you think the democrats get their votes? They promise FREE SHIT to their voters. That's why socialism is appealing to the lazy.

Your arguments are absolutely childish.

 

[Merc1138]

So you would rather have a forever corrupt system where you are never sure if you vote actually registered for who you voted for, vs the possibility you're going to have someone beat you up because they know how you voted? lmfao, you must not care about this country that much if that deters you.

Secondly, people are already buying votes. How do you think the democrats get their votes? They promise FREE SHIT to their voters. That's why socialism is appealing to the lazy.

Your arguments are absolutely childish.

I just got through explaining to you how corrupt the system would be if you could verify votes, and you still don't get it, do you?

Even with the current system, unless you have people taking photos of their ballot as they drop it off, you can't verify what they actually voted on. Your idiotic idea would make that WORSE. I gave you the benefit of the doubt that perhaps you really didn't know why votes are cast in confidentiality, but you really are just that dumb. Even if I'm an able bodied male who can deal with some fedora wearing effeminate SJW on the street, the same would not apply to a 70 year old man who has the same rights to vote as everyone else and would not necessarily be able to defend themselves. Worse, with all of the political grandstanding BS about internalized misogyny claiming that the only women who didn't vote for Clinton were just being beaten by their father/husband/son/whoever, your dumbass idea would actually make the idea of domestic violence over votes a real possibility(unlike the current system we have). Even with one party promising free crap to voters, your idea would just make it even more effective.

Today is only Thursday, but your crap is some of the dumbest stuff I've read all week and it would take an act of some omnipotent being to top that.

 

[cdabc123]

So you would rather have a forever corrupt system where you are never sure if you vote actually registered for who you voted for, vs the possibility you're going to have someone beat you up because they know how you voted? lmfao, you must not care about this country that much if that deters you.

Secondly, people are already buying votes. How do you think the democrats get their votes? They promise FREE SHIT to their voters. That's why socialism is appealing to the lazy.

Your arguments are absolutely childish.

Better to try to fix that at the source. And I really don't believe it's all that prominent to begin with. I can guarantee that if it was public there would be direct buying of votes. That cannot happen now as if you pay me $100 to vote for x I'm going to take that $100 and vote for whoever I feel like voting for.


With that said it is possible to have both secrecy and being able to confirm your vote but it would require alot of new hardware for voting booths as well as a relatively smart population neither of which we have

 

[meltdowner]

I just got through explaining to you how corrupt the system would be if you could verify votes, and you still don't get it, do you?

Even with the current system, unless you have people taking photos of their ballot as they drop it off, you can't verify what they actually voted on. Your idiotic idea would make that WORSE. I gave you the benefit of the doubt that perhaps you really didn't know why votes are cast in confidentiality, but you really are just that dumb. Even if I'm an able bodied male who can deal with some fedora wearing effeminate SJW on the street, the same would not apply to a 70 year old man who has the same rights to vote as everyone else and would not necessarily be able to defend themselves. Worse, with all of the political grandstanding BS about internalized misogyny claiming that the only women who didn't vote for Clinton were just being beaten by their father/husband/son/whoever, your dumbass idea would actually make the idea of domestic violence over votes a real possibility(unlike the current system we have). Even with one party promising free crap to voters, your idea would just make it even more effective.

Today is only Thursday, but your crap is some of the dumbest stuff I've read all week and it would take an act of some omnipotent being to top that.

Oh boy, what is receipt. You are losing it my cowardly friend.

 

[meltdowner]

Better to try to fix that at the source. And I really don't believe it's all that prominent to begin with. I can guarantee that if it was public there would be direct buying of votes. That cannot happen now as if you pay me $100 to vote for x I'm going to take that $100 and vote for whoever I feel like voting for.


With that said it is possible to have both secrecy and being able to confirm your vote but it would require alot of new hardware for voting booths as well as a relatively smart population neither of which we have

Buying votes already happens.

 

[cdabc123]

Buying votes already happens.

not really. no one offeres money for a vote as there is no way to verify that that person votes for who you said. Unless your talking about some incentive bs. in which case every party ever is buying votes.

if one party promises a shrink in taxes you could concider that buying votes

if one party promises a larger payout in aid programs you could concider that buying votes

if one party promises policys that benefit literally any group of people you could concider that buying votes


However none of that is buying votes

 

[meltdowner]

not really. no one offeres money for a vote as there is no way to verify that that person votes for who you said. Unless your talking about some incentive bs. in which case every party ever is buying votes.

if one party promises a shrink in taxes you could concider that buying votes

if one party promises a larger payout in aid programs you could concider that buying votes

if one party promises policys that benefit literally any group of people you could concider that buying votes


However none of that is buying votes

Yes it is. So making voting results public changes nothing. Thanks you proved my point.

 

[cdabc123]

Yes it is. So making voting results public changes nothing. Thanks you proved my point.

you just pulled the excuse that all little kids pull a few times a month.

person a: yes it is and here is why

person b (you): nuhhhhuuuuuuu.

feel free to actuall add some more points to your argument if you want though and im happy to listen.

I was more prefering to talk about the technical standpoint of how it would be possible as honestly politics bore and annoy me.

 

[meltdowner]

you just pulled the excuse that all little kids pull a few times a month.

person a: yes it is and here is why

person b (you): nuhhhhuuuuuuu.

feel free to actuall add some more points to your argument if you want though and im happy to listen.

I was more prefering to talk about the technical standpoint of how it would be possible as honestly politics bore and annoy me.

Lol. You proved my point. Sorry you have a poor grasp of reality.

 

[jhymesba]

Lol. You proved my point. Sorry you have a poor grasp of reality.

And this is why we can't have good things...and before you think I'm taking cdabc123 to task, let me be clear. YOU BOTH are why we can't have good things!

 

[zkostik]

Excuses. Dont fucking get the data if you cant bother to secure it properly. Period.

Amen to that! But only in a perfect world probably, though these people should be held accountable for fuck ups.

 

[Zuul]

eh..why is there a database over political affiliation? meh whatever. I'm not surprised by anything anymore.