Databases containing the personal information of millions of U.S. voters have appeared on Russian hacking forums.
According to Russian news outlet Kommersant, a hacker called Gorka9 has posted the personal information of several million registered voters in Michigan, Arkansas, Connecticut, Florida, and South Carolina.The data includes names, birthdates, gender, mailing addresses, email addresses and polling station numbers. Cybersecurity researchers have determined the records are authentic and current as of March 2020.
State and federal government officials have denied that the data was acquired via hacking and have maintained that the data was available through the Freedom of Information Act (FOIA).
“[We] have not seen cyber attacks this year on voter registration databases or on any systems involving voting,” the Federal Bureau of Investigation and the Cybersecurity Infrastructure Security Agency said in a joint statement released September 1.
Russian hackers have reportedly claimed that the information was acquired via SQL injections, a relatively simple hacking method that exploits unsecured databases via website URLs and forms to run queries.