Image credit: Omar Marques/SOPA Images/LightRocket via Getty Images

Political committee left 6.2 million email addresses exposed for 9 years

The damage is limited, but it's still a serious slip-up.

It's all too common for organizations to leave sensitive data exposed on their servers, but the latest incident might leave some scratching their heads. UpGuard discovered that the Democratic Senatorial Campaign Committee left about 6.2 million email addresses exposed in a badly configured Amazon S3 cloud storage bucket since 2010 -- yes, nine years ago. The data file was apparently meant to exclude people from the DSCC's marketing emails during Hillary Clinton's Senate tenure. Most of them were clearly personal addresses, although there were thousands of .gov and .mil addresses as well.

The data didn't include anything more than the email addresses, so the potential for abuse was relatively small. However, it's concerning that the S3 bucket gave everyone "full control," letting people not only modify the list but change access permissions.
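An added example, not taken from UpGuard's report or the DSCC's configuration: a Python check that flags ACL grants like the "full control for everyone" setting described above, assuming it was an S3 ACL entry for the AllUsers group. The input follows the dict shape returned by boto3's `get_bucket_acl`; the sample ACLs and owner ID are constructed.

```python
# Added example: audit an S3 bucket ACL for grants to everyone.
# Input uses the dict shape returned by boto3's s3.get_bucket_acl().
ALL_USERS = "http://acs.amazonaws.com/groups/global/AllUsers"
AUTH_USERS = "http://acs.amazonaws.com/groups/global/AuthenticatedUsers"
PUBLIC_GROUPS = {ALL_USERS: "anyone on the internet", AUTH_USERS: "any AWS account holder"}

# What each bucket-level ACL permission allows.
EFFECTS = {
    "READ": ["list the bucket's objects"],
    "WRITE": ["create and overwrite objects"],
    "READ_ACP": ["read the bucket ACL"],
    "WRITE_ACP": ["rewrite the bucket ACL"],
}
# FULL_CONTROL is shorthand for all four of the above.
EFFECTS["FULL_CONTROL"] = [e for p in ("READ", "WRITE", "READ_ACP", "WRITE_ACP") for e in EFFECTS[p]]
# Permissions that let the grantee change data or access rules.
TAMPERING = {"WRITE", "WRITE_ACP", "FULL_CONTROL"}


def public_grants(acl):
    """Return one finding per grant made to a public group."""
    findings = []
    for grant in acl.get("Grants", []):
        grantee = grant.get("Grantee", {})
        if grantee.get("Type") != "Group" or grantee.get("URI") not in PUBLIC_GROUPS:
            continue  # grants to specific accounts are not public
        perm = grant.get("Permission", "")
        findings.append({
            "grantee": PUBLIC_GROUPS[grantee["URI"]],
            "permission": perm,
            "severity": "critical" if perm in TAMPERING else "high",
            "allows": EFFECTS.get(perm, []),
        })
    return findings


# Constructed sample: owner grant plus the "everyone: full control" grant.
OWNER = {"Type": "CanonicalUser", "ID": "EXAMPLE-OWNER-ID"}
EXPOSED_ACL = {"Owner": {"ID": "EXAMPLE-OWNER-ID"}, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
    {"Grantee": {"Type": "Group", "URI": ALL_USERS}, "Permission": "FULL_CONTROL"},
]}
LOCKED_ACL = {"Owner": {"ID": "EXAMPLE-OWNER-ID"}, "Grants": [
    {"Grantee": OWNER, "Permission": "FULL_CONTROL"},
]}

if __name__ == "__main__":
    for name, acl in (("exposed", EXPOSED_ACL), ("locked", LOCKED_ACL)):
        for f in public_grants(acl):
            print(f"{name}: {f['grantee']} has {f['permission']} ({f['severity']}): " + "; ".join(f["allows"]))
        if not public_grants(acl):
            print(f"{name}: no public grants")
```

Bucket policies are a separate route to public access and are not covered by this ACL check.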

The DSCC locked down its cloud storage within hours of UpGuard reporting the finding on July 26th. It's not clear if anyone outside of the DSCC had accessed the data before the discovery.

Whatever happened with the email list, the incident highlights how online campaign security has changed (and not) over the past several years. Officials weren't as acutely aware of the digital threats from Russia and other hostile actors, not to mention the overall consequences of leaving databases vulnerable -- now, even a 'modest' failure like this is considered problematic. With that said, there are still gaping security holes in the US political system, and it's concerning that the DSCC didn't catch this mistake on its own.
