A bug was recently discovered in Democratic presidential candidate Joe Biden’s official campaign app that allowed anyone to access sensitive voter information on millions of Americans. The privacy breach reportedly affects 191 million Americans.
TechCrunch reports that a recent study by the App Analyst, a mobile computing expert that reviews and investigates apps, found a major issue in Democratic presidential candidate Joe Biden’s official campaign app. The campaign app, Vote Joe, allows Biden supporters to encourage friends and family members to vote in the upcoming U.S. presidential election in November by uploading their phone’s contact lists to see if their friends and family members have registered to vote.
The app matches the users’ contacts with voter data supplied from the political marketing firm TargetSmart which claims to have files on more than 191 million Americans. When the app finds a match, it displays the voter’s name, age, birthday, and which recent election they voted in. The app claims that this helps users “find people you know and encourage them to get involved.”
The App Analyst found that they could trick the app into collecting anyone’s information by creating a contact on his phone with the voter’s name. The analyst told TechCrunch that the app also pulls in a lot more data than it displays. By intercepting the data that is sent between the device and the app’s servers, the analyst saw more detailed and private information of voters including their home address, date of birth, gender, ethnicity, and political party affiliation.
The Biden campaign has reportedly issued an update to fix the bug. Matt Hill, a spokesperson for the Biden campaign, told TechCrunch: “We were made aware about how our third-party app developer was providing additional fields of information from commercially available data that was not needed. We worked with our vendor quickly to fix the issue and remove the information. We are committed to protecting the privacy of our staff, volunteers and supporters will always work with our vendors to do so.”
TargetSmart claimed that a “limited amount of publicly or commercially available data” was accessible to other users. TargetSmart has previously found itself at the center of a data leak scandal. In 2017, a voter file complied by TargetSmart on nearly 600,000 voters in Alaska was left on an exposed server with no password, and in 2018 TechCrunch reported that almost 15 million records on Texas voters were found on an exposed server just months ahead of U.S. midterm elections.
Read more at TechCrunch here.
Lucas Nolan is a reporter for Breitbart News covering issues of free speech and online censorship. Follow him on Twitter @LucasNolan or contact via secure email at the address email@example.com