Dive Brief:
- The personal data of 87 million Mexican voters was left unprotected on an Amazon server until last Friday, according to reports from Scientific American and Motherboard.
- The information included the names, addresses, birthdates and national identification numbers of every voter in Mexico.
- Chris Vickery, a MacKeeper security researcher based out of Texas, found the vulnerability and said the data lacked a password and other basic security measures.
Dive Insight:
Vickery reported the flaw to officials in both the U.S. and Mexico late last week. A prolific researcher, he previously discovered a vulnerability where he could view the records of 191 million American voters and found that a child tracking firm had left kids' data exposed for almost two months.
Authorities are not sure how long the Mexican voter database was accessible.
"The fact that this database is published to the public, it is not just a criminal offense, it is a national offense," Lorenzo Cordova Vianello, president of the Mexican National Electoral Institute, told Scientific American.
The data was hosted on Amazon Web Services, but AWS says on its website that it is up to customers to oversee the security of their stored data, noting that, "while [Amazon Web Services] manages security of the cloud, security in the cloud is the responsibility of the customer."
As more companies move to the cloud, this is an important distinction. Companies must ensure proper security of their own data in the cloud. As AWS says on its website, customers are responsible for the security of their own content, just as they would be responsible with information in on-site datacenters.
