https://www.cyberscoop.com/rice-consulting-nas-exposed-voter-data/
By Zaid Shoorbajee
Cyberscoop
Oct 24, 2018
A consulting firm that works with Democratic campaigns unknowingly left
sensitive fundraiser information and credentials to old voter record
databases open on the internet, according to a report published on
Wednesday.
Cybersecurity company Hacken says it discovered an unprotected Network
Attached Storage (NAS) device managed by Rice Consulting, a Maryland firm
that provides fundraising and mass communication to Democratic clients.
Authentication was reportedly disabled on the NAS, and Hacken says that it
was indexed by Shodan, an Internet-of-Things search engine.
With its contents publicly accessible, the NAS revealed details about Rice
Consulting's clients as well as details about "thousands of fundraisers,"
Hacken says. Those details include names, phone numbers, emails, addresses
and companies. There were apparently also contracts, meeting notes,
desktop backups and employee details.
Rice Consulting did not respond to an email request for comment on the
Hacken report. When CyberScoop called the firm, the person who answered
said "There’s no one here who can tell you anything," and hung up.
[...]
--
Subscribe to InfoSec News
https://www.infosecnews.org/subscribe-to-infosec-news/
https://twitter.com/infosecnews_
