Information Security News mailing list archives

Previous By Date Next
Previous By Thread Next

Researcher finds trove of political fundraising, old voter data on open internet

From: InfoSec News <alerts () infosecnews org>
Date: Thu, 25 Oct 2018 06:55:11 +0000 (UTC)
https://www.cyberscoop.com/rice-consulting-nas-exposed-voter-data/

By Zaid Shoorbajee
Cyberscoop
Oct 24, 2018
A consulting firm that works with Democratic campaigns unknowingly left sensitive fundraiser information and credentials to old voter record databases open on the internet, according to a report published on Wednesday.
Cybersecurity company Hacken says it discovered an unprotected Network Attached Storage (NAS) device managed by Rice Consulting, a Maryland firm that provides fundraising and mass communication to Democratic clients. Authentication was reportedly disabled on the NAS, and Hacken says that it was indexed by Shodan, an Internet-of-Things search engine.
With its contents publicly accessible, the NAS revealed details about Rice Consulting's clients as well as details about "thousands of fundraisers," Hacken says. Those details include names, phone numbers, emails, addresses and companies. There were apparently also contracts, meeting notes, desktop backups and employee details.
Rice Consulting did not respond to an email request for comment on the Hacken report. When CyberScoop called the firm, the person who answered said "There’s no one here who can tell you anything," and hung up. 

[...]


--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
Previous By Date Next
Previous By Thread Next

Current thread: