A security researcher found a privacy bug in the official application of the Democratic presidential candidate’s election campaign (Joe Biden), Which allowed anyone to search for the sensitive information of millions of American voters.
The campaign application named (Vote Joe) To Biden supporters of American voters by encouraging friends and family to vote in the upcoming US presidential election by uploading contact lists to see if their friends and family members are registered to vote.
The app downloads the user’s contacts and matches them with voter data provided by TargetSmart, a political marketing company that claims to have files on more than 191 million Americans.
When a match is found, the app displays the voter’s name, age, birthday, and last election in which they voted.
And the app says: This helps American voters find people they know and encourage participation.
Although much of this data can be public, the mistake made it easy for anyone to access any voter’s information using the app.
AndDiscover Application analyst that he can trick the application into pulling anyone’s information by making a contact on his phone with the name of the voter.
The app pulls much more data than it displays, and the app analyst saw more detailed and private information by intercepting the data, including the voter’s home address, date of birth, gender, ethnicity, and political party affiliation.
The Biden campaign fixed the bug and published an app update, and Matt Hill, a Biden campaign spokesperson, said: We have been advised how our third-party app developer is providing additional fields of information from commercially available data that were not necessary.
He added, “We have worked with the application developer quickly to fix the problem and remove the information. We are committed to protecting the privacy of our employees, and our volunteers and supporters are always working with the application developer to do so.”
Hill opposed the researcher’s findings, including that the app displays gender, race, or home addresses, and a spokesperson for TargetSmart said: The limited amount of publicly or commercially available data was available to other users.
Aside from the fact that much of this data is publicly available, political companies are trying to enrich their databases with additional data from other sources to help political campaigns identify and target key swing voters.
But the many security vulnerabilities involving these huge bases of data raise concerns that political firms can keep that data secure.