Ex-Vice President and current Democratic presidential front runner Joe Biden’s campaign must answer to millions of supporters following a massive data breach.
A privacy bug in Democratic presidential candidate Joe Biden’s official campaign app allowed anyone to look up sensitive voter information on millions of Americans, a security researcher has found.
The campaign app, Vote Joe, allows Biden supporters to encourage friends and family members to vote in the upcoming U.S. presidential election by uploading their phone’s contact lists to see if their friends and family members are registered to vote. The app uploads and matches the user’s contacts with voter data supplied from TargetSmart, a political marketing firm that claims to have files on more than 191 million Americans.
Matt Hill, a spokesperson for the Biden campaign, told TechCrunch: “We were made aware about how our third-party app developer was providing additional fields of information from commercially available data that was not needed.”
Plus he added, “We worked with our vendor quickly to fix the issue and remove the information. We are committed to protecting the privacy of our staff, volunteers and supporters will always work with our vendors to do so.”
The App Analyst, a mobile communications expert who shared the findings on his blog, found he could trick the app into pulling in anyone’s information by creating a contact on his phone with the voter’s name.
Spokesman for Target Smart Mike Czin declared, “Due to a coding error by a progressive app developer, a limited amount of publicly or commercially available data was accessible to other users. The issue was quickly identified and fixed.”
In addition, a spokesperson for TargetSmart said a “limited amount of publicly or commercially available data” was accessible to other users. That may not be a sufficient explanation to many millions that were affected.