Security News > 2020 > November > Trump lawsuit site to report 'rejected votes' leaked voter data

Trump lawsuit site to report 'rejected votes' leaked voter data
2020-11-08 12:04

The DontTouchTheGreenButton.com website just launched by the Trump campaign in relation to the recently filed Arizona "Rejected votes" lawsuit was discovered to be leaking voter data.

The data included the voter name, address, and a unique identifier.

Over the weekend, President Trump's re-election campaign and the Republican National Committee filed a lawsuit in Arizona alleging the polling officials in Maricopa County had incorrectly rejected in-person votes on Election Day, by misusing a mechanical feature of the voting machines.

BleepingComputer observed the data was being pulled from the server using Algolia REST API. The exposed API key and Application ID in the request could let anyone programmatically run queries to scrape the voter data in bulk from the service.

The JSON data returned by the REST API contains a list of 5 voter names and addresses by default, along with unique identifiers based on the search query.


News URL

https://www.bleepingcomputer.com/news/security/trump-lawsuit-site-to-report-rejected-votes-leaked-voter-data/