Unprotected Database Exposes Details of 93.4 Million Mexican Voters

echo1

Level 20
Thread author
Verified
Top Poster
Well-known
Sep 18, 2014
960
The details of 93,424,710 Mexican voters were exposed online via an unprotected MongoDB database that had no admin password and was easily reachable via a public IP address.

MacKeeper security researcher Chris Vickery discovered the database on April 14, running on an Amazon AWS cloud server. Soon after he identified the data and realized what he was looking at, the researcher contacted the US State Department and later the State Department’s Office of Mexican Affairs.

Database was secured eight days after being discovered
After receiving no response, the researcher then contacted the US Secret Service, Department of Homeland Security, US-CERT, Amazon, and the Mexican embassy in the US.

Eight days later, Mexico's Instituto Federal Electoral (Federal Electoral Institute) (IFE) reached out to Mr. Vickery, thanked him for his efforts, and also informed him they secured the database.

IFE representatives told DataBreaches.net that the IP on which the server was running was not one of their own, that the database's total statistics did not match their own numbers, and that they'd start an investigation to see how the data ended up on a US-based Amazon server.

Mexican law prohibits companies from moving sensitive data o Mexican citizens across the border. The maximum penalty is six years in prison.

Database didn't contain financial or biometrics information
According to Vickery and DataBreaches.net, the database contained Mexican citizens' names, full addresses, dates of birth, mother's and father's name, current occupation, and their voter ID.

Vickery is the security researcher who also discovered the details of 191,337,174 US voters through another misconfigured MongoDB database.

Before this incident, the details of 55 million Filipinos were leaked after Anonymous and LulzSec Philippines hackers breached the COMELEC database at the start of the month. Prior to that incident, the details for 50 million Turks were also leaked online.
 

Raul90

Level 14
Feb 5, 2012
658
Mexico's Instituto Federal Electoral (Federal Electoral Institute) (IFE) and Philippines Commission on Elections (COMELEC) should be sanctioned by being complacent and letting people be vulnerable to personal data theft.
 
  • Like
Reactions: jamescv7

jamescv7

Level 85
Verified
Honorary Member
Mar 15, 2011
13,070
Here we go again, I.T staffs seems they are aware on the consequences.

Better yet, hackers that can turned out as white hat can definitely implement strong security because of background on 'hacking', its an insult not only for a citizen but also to the whole world because of poor on technological enhancements.

Trivia for anyone:

The suspect who was captured by NBI (National Bureau of Investigation) in the Philippines was praised by Microsoft and Facebook because of the skills to provide vulnerability reports. However condemned by COMELEC.
 
  • Like
Reactions: Mihir :-)

About us

  • MalwareTips is a community-driven platform providing the latest information and resources on malware and cyber threats. Our team of experienced professionals and passionate volunteers work to keep the internet safe and secure. We provide accurate, up-to-date information and strive to build a strong and supportive community dedicated to cybersecurity.

User Menu

Follow us

Follow us on Facebook or Twitter to know first about the latest cybersecurity incidents and malware threats.

Top