echo1

Level 20
Verified
The details of 93,424,710 Mexican voters were exposed online via an unprotected MongoDB database that had no admin password and was easily reachable via a public IP address.

MacKeeper security researcher Chris Vickery discovered the database on April 14, running on an Amazon AWS cloud server. Soon after he identified the data and realized what he was looking at, the researcher contacted the US State Department and later the State Department’s Office of Mexican Affairs.

Database was secured eight days after being discovered
After receiving no response, the researcher then contacted the US Secret Service, Department of Homeland Security, US-CERT, Amazon, and the Mexican embassy in the US.

Eight days later, Mexico's Instituto Federal Electoral (Federal Electoral Institute) (IFE) reached out to Mr. Vickery, thanked him for his efforts, and also informed him they secured the database.

IFE representatives told DataBreaches.net that the IP on which the server was running was not one of their own, that the database's total statistics did not match their own numbers, and that they'd start an investigation to see how the data ended up on a US-based Amazon server.

Mexican law prohibits companies from moving sensitive data o Mexican citizens across the border. The maximum penalty is six years in prison.

Database didn't contain financial or biometrics information
According to Vickery and DataBreaches.net, the database contained Mexican citizens' names, full addresses, dates of birth, mother's and father's name, current occupation, and their voter ID.

Vickery is the security researcher who also discovered the details of 191,337,174 US voters through another misconfigured MongoDB database.

Before this incident, the details of 55 million Filipinos were leaked after Anonymous and LulzSec Philippines hackers breached the COMELEC database at the start of the month. Prior to that incident, the details for 50 million Turks were also leaked online.
 

Raul90

Level 13
Mexico's Instituto Federal Electoral (Federal Electoral Institute) (IFE) and Philippines Commission on Elections (COMELEC) should be sanctioned by being complacent and letting people be vulnerable to personal data theft.
 
  • Like
Reactions: jamescv7

jamescv7

Level 61
Verified
Trusted
Here we go again, I.T staffs seems they are aware on the consequences.

Better yet, hackers that can turned out as white hat can definitely implement strong security because of background on 'hacking', its an insult not only for a citizen but also to the whole world because of poor on technological enhancements.

Trivia for anyone:

The suspect who was captured by NBI (National Bureau of Investigation) in the Philippines was praised by Microsoft and Facebook because of the skills to provide vulnerability reports. However condemned by COMELEC.
 
  • Like
Reactions: Mihir :-)