MacKeeper security researcher Chris Vickery writes:
This is just a quick note to explain that I discovered another publicly exposed Mexican database on Wednesday, May 20th. I reported it to the Mexican electoral authority (INE) that same day.
Today, INE held a press conference and reported that the database has been taken offline. Their initial investigations indicate that the data pertains to the region of Sinaloa. I cannot confirm or deny that aspect at this time.
Image courtesy of Chris Vickery/MacKeeper
As far as I know, they did not mention the political party responsible for this leak. I can report that the database was titled “DBPRI” and all signs point to the PRI party as being responsible here.
As with the first misconfigured database, this one also exposes a lot of personal information on voters, and appears to contain information on 2,072,585 citizens.
Let’s see if whoever’s responsible for this one also claims they were hacked, like Movimiento Ciudadano did. 🙂
INE’s statement can be found here (ES). They indicate that the database was hosted on Digital Ocean, so again we seem to have a database with Mexican voters’ personal information being hosted outside of their country.
PRI (Partido Revolucionario Institucional) does not seem to have issued any statement, and while Chris may well be right in his hypothesis that they are the owners of misconfigured database, it would be wise for us all to wait for confirmation from INE or the political party.
