14 DAY TRIAL // The details of 93,424,710 Mexican voters were exposed online via an unprotected MongoDB database that had no admin password and was easily reachable via a public IP address.
MacKeeper security researcher Chris Vickery discovered the database on April 14, running on an Amazon AWS cloud server. Soon after he identified the data and realized what he was looking at, the researcher contacted the US State Department and later the State Department’s Office of Mexican Affairs.
Database was secured eight days after being discovered
After receiving no response, the researcher then contacted the US Secret Service, Department of Homeland Security, US-CERT, Amazon, and the Mexican embassy in the US.
Eight days later, Mexico's Instituto Federal Electoral (Federal Electoral Institute) (IFE) reached out to Mr. Vickery, thanked him for his efforts, and also informed him they secured the database.
IFE representatives told DataBreaches.net that the IP on which the server was running was not one of their own, that the database's total statistics did not match their own numbers, and that they'd start an investigation to see how the data ended up on a US-based Amazon server.
Mexican law prohibits companies from moving sensitive data of Mexican citizens across the border. The maximum penalty is six years in prison.
Database didn't contain financial or biometrics information
According to Vickery and DataBreaches.net, the database contained Mexican citizens' names, full addresses, dates of birth, mother's and father's name, current occupation, and their voter ID.
Vickery is the security researcher who also discovered the details of 191,337,174 US voters through another misconfigured MongoDB database.
Before this incident, the details of 55 million Filipinos were leaked after Anonymous and LulzSec Philippines hackers breached the COMELEC database at the start of the month. Prior to that incident, the details for 50 million Turks were also leaked online.
