Sign up for our daily briefing
Make your busy days simpler with Axios AM/PM. Catch up on what's new and why it matters in just 5 minutes.
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Catch up on coronavirus stories and special reports, curated by Mike Allen everyday
Denver news in your inbox
Catch up on the most important stories affecting your hometown with Axios Denver
Des Moines news in your inbox
Catch up on the most important stories affecting your hometown with Axios Des Moines
Minneapolis-St. Paul news in your inbox
Catch up on the most important stories affecting your hometown with Axios Twin Cities
Tampa Bay news in your inbox
Catch up on the most important stories affecting your hometown with Axios Tampa Bay
Charlotte news in your inbox
Catch up on the most important stories affecting your hometown with Axios Charlotte
Photo: Sean Rayford/Getty Images
Robocent, a Virginia Beach political robocalling contractor, failed to secure more than 2,000 files in its Amazon cloud storage account including political profiles on "hundreds of thousands" of voters.
Why it matters: States typically make registered voter data public - the voter data could be best described as sensitive but not private. However, states can put restrictions on what entities can receive access to those files.
Researchers at Kromtech first made the discovery, alerted Robocent (who has since secured the files) and detailed their work in a LinkedIn post.
Details: The leaky files include audio recordings of calls as well and databases listing voters contact information, preferred political party as recorded by the state and demographic information.
Yes, but: Finding cloud storage leaks is not something malicious actors can do easily. These are cloud storage units, known as buckets, that are misconfigured to be accessible by the public. However, most public buckets are intended to be public, and finding exploitable information just by searching for public buckets is grueling work, even though the process is being made easier by security companies.
In short, just because the data was public doesn't mean anyone unauthorized saw it beyond the researchers.