Personal details and political affiliations exposed
The server that drew Diachenko’s attention, this time, contained 2,584 files, which the researcher later connected to RoboCent.
The type of user data exposed via Robocent’s bucket included:⬖ Full Name, suffix, prefix
⬖ Phone numbers (cell and landlines)
⬖ Address with house, street, city, state, zip, precinct
⬖ Political affiliation provided by state, or inferred based on voting history
⬖ Age and birth year
⬖ Jurisdiction breakdown based on district, zip code, precinct, county, state
⬖ Demographics based on ethnicity, language, education
Other data found on the servers, but not necessarily personal data, included audio files with prerecorded political messages used for robocalls.
According to RoboCent’s website, the company was not only providing robo-calling services for political surveys and inquiries but was also selling this data in raw format.
“Clients can now purchase voter data directly from their RoboCall provider,” the company’s website reads. “We provide voter files for every need, whether it be for a new RoboCall or simply to update records for door knocking.”
The company sells voter records for a price of 3¢/record. Leaving the core of its business available online on an AWS bucket without authentication is… self-defeating.