A hacker managed to download voters’ information. The Tasmanian Electoral Commission states that a still-unknown attacker gained access and downloaded a backup file containing voters’ information such as names, addresses, emails and birth dates.
A pentest revealed that the breach occurred through a server of the Barcelona-based company Typeform, whose online forms have been used on the Tasmanian Electoral Commission website since 2015 for electoral processes, the Commission said in a statement last Saturday.
Typeform, for its part, stated that the vulnerability was identified on June 27 and was shut down within half an hour of detection.
The Commission said it believes the stolen personal information was provided by voters themselves through the online forms when requesting an express vote in the last state and Legislative Council elections.
The statement also claims that “the Electoral Commission apologizes for the violation, and will re-evaluate its information collection procedures and internal security elements around electoral storage for future events”.
Meanwhile, in its statement Typeform said “after performing a pentest, we can say that the leaked data came from a partial backup dated May 3, 2018 and that the risk of recurrence of the attack is now considered sufficiently low to issue this statement”.
“Right after receiving the information, we have implemented a pentest and a thorough review of the security of our system. We have identified the origin of the violation and have handled that security vulnerability”, the company said.
According to reports from the International Institute of Cyber Security, this case has many similarities with other recent vulnerability cases at companies that handle large volumes of information about their users, such as the attack that Ticketmaster suffered in recent days, in which millions of its clients’ records were compromised.
Working as a cyber security solutions architect, Alisa focuses on bug bounty and network security. Before joining us she held cyber security researcher positions at a variety of cyber security start-ups. She also has experience in different industry domains such as finance, healthcare and consumer products.