Mystery database leaks conservative's personal details

That data of American Christian conservatives was found to be leaking off one database
That data of American Christian conservatives was found to be leaking off one database

Just after it was revealed that 191 million voter records were exposed to the public due to a misconfigured MongoDB database, another 56 million records have been leaked from what researchers believe is a right-wing christian group originating in the US.

Hero of the day, Chris Vickery, the man who has exposed several consecutive MongoDB leaks, discovered this particular leak only five days after he found the exposed records of the aforementioned nearly 200 million voters.

Unlike that database, this new one had been updated as lately as April 2015 and contained a number of other details that the previous, larger one did not. Of the 56 million records, there were 19 million that contained detailed personal data.

In fact, this one contained personal preferences and details which unlike the previous leak, which contained publicly accessible data, were very decidedly private.

Aside from address, age and telephone number among other things, the leaked records also contained fields which indicated whether the individual in question lived a ‘bible lifestyle' was into hunting, fishing or NASCAR racing. The database also explicitly showed gun owners and political conservatives.

Nobody came forward to claim the database as their own but all this might suggest that what Vickery had on his hands was a right-wing, perhaps Christian, organisation's database of potential donors or supporters. However, it goes further than that.

Working with Dissent, the moderator of Databreaches.net and Salted Hash of CSO magazine, Vickery discovered a number of other clues pointing to the database's origin. Aside from the aforementioned fields which clearly skewed right in assessing users, the motley crew found several references to ‘Pioneer' within the database as well as embedded links to various conservative political organisations including Heroic Media, Let's Vote America and Pioneer Solutions.

These organisations have close links among America's right-wing, are notable for developing online tools for political action among the Christian right and engage in data mining for unregistered conservative voters.

A National Public Radio report released in 2012 detailed the methods of Let's Vote America's parent organisation, United in Purpose: “The company buys lists to build a profile of each citizen, and then assigns points for certain characteristics. You get points if you're on an anti-abortion list or a traditional marriage list. You get a point if you regularly attend church or home-school your kids. You get points if you like NASCAR or fishing.”

Vickery, Salted Hash and Dissent contacted various law enforcement bodies quickly after they discovered the leak. They also contacted various right-wing political organisations many of whom did not know who the database belonged to or straight up rejected the possibility that it belonged to them.

Dissent spoke to SCMagazineUK.com, saying that there was still no response from the people who might own the database: “I hope California investigates both exposed databases. Even if one is 'just public records,' many people are upset that their information is exposed. It seems most people never knew that voter registration lists are public records and can be shared so widely.”

The expression misconfigured MongoDB database has come up a lot in SC's recent reporting. Late last year, another ‘misconfigured MongoDB database' leaked the details of 5000 customers of an HIV positive dating app and more recently another leaked the details of 191 million US voters.

The problem, said John Matherly, founder of the Shodan search engine in a recent blog post, is often MongoDB's popularity. Matherly pointed out, “By default, newer versions of MongoDB only listen on localhost. The fact that MongoDB 3.0 is well-represented means that a lot of people are changing the default configuration of MongoDB to something less secure and aren't enabling any firewall to protect their database.” 

Matherly was also keen to point out that these kind of misconfigurations are by no means unique to MongoDB but occur equally in Redis, CouchDB and Cassandra among others.

Sign up to our newsletters