- A blockchain-powered Russian voting system has left 1.1 million voters’ data publicly available online
- The voter data was password-protected but could easily have been hacked with a free online tool
- Russian officials have denied that the files could be accessed
1.1 million Russians who participated in a recent vote using a blockchain-based online system have seen their passport information leaked online. The e-vote on constitutional amendments, which would allow current president Vladimir Putin to stay in power indefinitely, was taken in part using a new e-voting system developed by the Moscow Department of Information Technologies, but it seems that the department has dropped the ball when it comes to securing the data of those using the platform.
Blockchain Voting System Passes the Test
Russia has opted for the Exonum enterprise blockchain platform from Bitcoin mining firm Bitfury to power its e-voting platform, which Moscow officials said presented minimal chance of attack given its closed nature. This was tested towards the end of June when hackers tried to bring down an observation node on the blockchain, but the attack failed.
While the blockchain voting platform itself might have passed its first test, Russian officials certainly haven’t. According to Russian media outlet Meduza, identity details of registrants, including passport details, were bundled up into an archive titled “degvoter.zip” which was, incredibly, publicly available for download on a government website on July 1. The file was password-protected, but, according to Meduza, it could be easily hacked with a free password-cracking tool.
Russian Officials Deny File Accessibility
The biggest treasure trove for would-be hackers, however, came in the form of another database, which was not password-protected and was said to contain passport numbers for 1.1 million voters from Moscow and Nizhniy Novgorod, the two cities used for the pilot blockchain technology project.
The Ministry of Digital Development, Communications, and Mass Media has played down the leak, claiming that there is not “any possibility of leakage” from the files, since the passwords were distributed through “secure data channels” and only to authorized personnel.