6.2 million e-mail addresses exposed by the DSCC

dscc e mails data exposure

Unintended data exposure is becoming very common these days. But the latest data exposure is bound to baffle you. It is believed that the Democratic Senatorial Campaign Committee (DSCC) left about 6.2 million e-mail addresses exposed for a shocking nine years.

The discovery was made by the cyber sleuths at UpGuard. According to the Australian cybersecurity company, the DSCC left millions of e-mail addresses exposed in a badly exposed Amazon S3 cloud storage bucket. The data had been present in the bucket for nine years (since 2010).

UpGuard discovered the Amazon S3 storage bucket on July 25th, 2019 and notified the DSSC the next morning. The bucket was secured the same day. But the bucket is believed to have been available to any of the authenticated AWS users for nine years. And so, anyone with even a free AWS account could access this bucket and its contents.

The bucket consisted of a 145 MB .csv file which contained as many as 6,235,397 lines. Each of these lines had e-mail addresses. The data file was to exclude people from the DSCC’s marketing e-mails during Hillary Clinton’s tenure. Most of these e-mail addresses were personal but also included thousands of .gov and .mil addresses.