The databases of the Republican polling firm Victory Phones were hacked just after the 2016 election, exposing donor records.

Victory Phones, an automated phone research, and data compilation firm was hacked in January exposing data on hundreds of thousands of Americans who submitted donations to Republican political campaigns.

Victory Phones carries out polling on behalf of Republican candidates using phone calling, it also implemented a fundraising systems for the political campaigns.

According to ZDNet, who first reported the incident, the hack exposed several database files, one of them is a 223 gigabytes archive containing about two billion records

Stolen records include 166,046 unique email addresses, and contains names, postal and email addresses, phone numbers, genders, and donation amounts.

Experts believe the hackers targeted the company because they were primarily interested in individual donations made to political campaigns.

“According to public records, the company gave $207,602 to a campaign by Rand Paul (R-KY) and $79,646 to Martha Roby (R-AL). The company also gave $103,977 to the Republican Party of Michigan, where the company is located, and $64,229 to the Republican National Committee, among others.” reported ZDnet.

The data contains names, postal and email addresses, phone numbers, genders, and donation amounts.

The popular cyber security expert Troy Hunt, who runs the data breach notification service Have I Been Pwned reached out to several individuals whose data was included in the stolen databases and all of those confirmed the authenticity of the information leaked online.

The Victory Phones was running an unsecured MongoDB installations as confirmed by the chief executive David Dishaw who added that the company never received a ransom note.

“We can confirm that in early January 2017, we were one of tens of thousands of users whose MongoDB instance was hacked. We received no ransom note or communication regarding this intrusion, in the immediate aftermath, or up until even now. We took steps to enhance the security of our data, and notified our users at that time of the breach. We will continue to keep them up to date as we come into any information that is relevant.”

Victory Phones presidential election 2016

MongoDB ransom attacks soared early this year, according to the Australian Communications and Media Authority Antipodes the number of hacked systems more than double to 27,000 in just a day. According to the experts, the hackers implement an extortion mechanism copying and deleting data from vulnerable databases.

Crooks request the payment of a ransom in order to return data and help the company to fix the flaw they exploited. Late 2016, I reported the story of a mysterious attacker that went online with the harak1r1 moniker, he was breaking into unprotected MongoDB databases, stealing their content, and requesting for a 0.2 bitcoins (US$184) ransom to return the data.

The attacks were discovered by the Co-founder of the GDI Foundation, Victor Gevers, who warned of poor security for MongoDB installations in the wild

ZDnet confirmed that at the time of writing, a Victory Phones’s server with an open database port is still indexed on Shodan.

“The breach may not be significant in terms of numbers of individuals affected compare to other breaches of voter information — much of the data is already public on the Federal Election Commission’s website. But the hack represents yet another data exposure at a time of heightened concern about election interference.” continues ZDNet.

Hunt confirmed that 75 percent of email addresses were already in Have I Been Pwned’s database.

Pierluigi Paganini

(Security Affairs – MongoDB databases, Victory Phones)