The addresses of 87 million Mexican voters were recently accessible online to anyone with an internet connection — all without authentication or protection by security mechanisms.
Texan whistleblower Chris Vickery informed Mexican authorities of his findings, stating that the information could be used by criminals. While the information was available via AWS (Amazon Web Services), the compan’s website does mention that it’s up to each customer to enforce the security of their content, while Amazon is responsible for the security of its cloud.
“While AWS manages security of the cloud, security in the cloud is the responsibility of the customer,” writes Amazon on its Shared Responsibility Model webpage. “Customers retain control of what security they choose to implement to protect their own content, platform, applications, systems and networks, no differently than they would for applications in an on-site datacenter.”
While the list is supposed to be shared only between Mexican political parties to prevent fraud, Lorenzo Cordova Vianello, president of the Mexican National Electoral Institute, believes that tracking the leak should be relatively easy, and those responsible will soon be held accountable. His major concern about the disclosure of details on 87 million Mexican voters is that it could increase kidnapping if it were to end up in the wrong hands.
“We have a crime issue,” said Cordova. “That is one of the main structural problems of Mexican society. That is why this is a sensitive issue that this database is put in front of the society.”
Authorities have launched an investigation into the matter and have been instructed that fixing such vulnerabilities is simply a matter of protecting the information with authentication credentials or pulling the information offline.