A Bug In Joe Biden’s Campaign App Gave Anyone Access To Millions of Voter Files

schwit1 shares a report from TechCrunch: A privacy bug in Democratic presidential candidate Joe Biden’s official campaign app allowed anyone to look up sensitive voter information on millions of Americans, a security researcher has found. The campaign app, Vote Joe, allows Biden supporters to encourage friends and family members to vote in the upcoming U.S. presidential election by uploading their phone’s contact lists to see if their friends and family members are registered to vote. The app uploads and matches the user’s contacts with voter data supplied from TargetSmart, a political marketing firm that claims to have files on more than 191 million Americans.
When a match is found, the app displays the voter’s name, age and birthday, and which recent election they voted in. This, the app says, helps users find people you know and encourage them to get involved.” While much of this data can already be public, the bug made it easy for anyone to access any voter’s information by using the app. The App Analyst, a mobile expert who detailed his findings on his eponymous blog, found that he could trick the app into pulling in anyone’s information by creating a contact on his phone with the voter’s name. The Biden campaign fixed the bug and pushed out an app update on Friday. “We were made aware about how our third-party app developer was providing additional fields of information from commercially available data that was not needed,” Matt Hill, a spokesperson for the Biden campaign, told TechCrunch. “We worked with our vendor quickly to fix the issue and remove the information. We are committed to protecting the privacy of our staff, volunteers and supporters will always work with our vendors to do so.”

Read more of this story at Slashdot.

Source: Slashdot