Both the DNC and RNC were hacked during the 2016 election. Now, it's been revealed that a conservative analytics company also left a massive amount of information on American voters exposed and it could've been downloaded by anyone who stumbled across it.
How much data qualifies as a massive amount?
Roughly 25 terabytes, which is enough hard drive space to store around 500 complete Blu-Ray movies. Noted security researcher Chris Vickery says, "In terms of the disc space used, this is the biggest exposure I've found." He adds, "In terms of the scope and depth, this is the biggest one I've found."
The data that was leaked includes incredibly detailed profiles on just north of 198 million registered voters, which pretty much accounts for everyone who was eligible to vote in the 2016 election. There were thousands of files, some quite small and others incredibly large. Just two Excel files, for example -- one on Hilary Clinton and another containing research on Reddit users -- totaled almost 400GB.
Individual profiles are incredibly detailed. Voters' attitudes towards just about any topic of political significance going back as far as ten years are scored. It's the kind of data that costs millions of dollars and requires countless man-hours to produce.
To be clear, this information was not stolen by hackers and then leaked; it was uploaded to a server that was not properly secured. Vickery says there wasn't even a password preventing access to the data. Anyone with the link could click in and download every single file.
Where did the data come from?
Upguard, where Vickery handles cyber risk research, says that it came from a number of sources. Some of it is publicly available, like voter rolls. Other information came from PACs, social networks, Kantar Research, and other consulting groups. Ultimately, the data was exposed by Deep Root, an analytics firm frequently tapped by the GOP to help maximize its advertising dollars during campaigns.
Deep Root told Gizmodo that much of the data "is [its] proprietary analysis to help inform local television ad buying." While UpGuard's Dan O'Sullivan notes that Deep Root isn't the only company that has access to this breadth of information on American voters, he says the lack of care in its handling creates serious cause for concern. " " O'Sullivan said.
For its part, Deep Root's Alex Lundry says the company has taken full responsibility for the leak. He also stated that Deep Root has put protections in place to ensure that the data can no longer be accessed by unauthorized parties.
Deep Root has been contacted for an official statement, and offered the following link. In its post, the company states "We are conducting an internal review and have retained cyber security firm Stroz Friedberg to conduct a thorough investigation."