Skip to content

The personal information of over a million voters of the blockchain voting system has been leaked

July 10, 2020

The personal information of more than a million Russian citizens has been leaked. This data is said to be one of them Some of the citizens who recently participated in blockchain-based electronic voting to constitutional changes.

The file was available for everyone to download

According to an investigation published by the Russian media Meduza, a file called “degvoter.zip” that contains such data, It was publicly available for download on a government website for at least several hours on July 1. Since then, The file was distributed over different telegram groups and channels.

The file was password protected. However, according to the publication It could easily be hacked with a free password cracking tool.

The personal information of over a million voters of the blockchain voting system has been leakedThe personal information of over a million voters of the blockchain voting system has been leaked

Along with the file, There was a password-protected database called “db.sqlite”. This database is supposed to contained passport numbers of over a million voters in Moscow and Nizhny Novgorod, two cities in Russia where residents could vote online. The system that enables online voting It is based on the Exonum blockchain platform developed by Bitfury.

Although the data sand encrypted with the SHA256 algorithm, Reporters were supposed to be able to decrypt them “very easily” using free software. This led them to the following conclusion:

“In view of the poor security and availability of the degvoter.zip file, the Russian government has made the personal data of all electronic components from Moscow and Nizhny Novgorod publicly available.”

According to reports Reporters have linked the leaked data to the Ministry of Interior’s official service to check the validity of the passports. They discovered that more than four thousand passports registered for electronic voting were invalid.

Since then, The Ministry of Digital Development, Communication and Media commented on the investigation and said it excluded “any possibility of leakage”. because passwords were distributed over “secure data channels” and authorized personnel only.

The agency also emphasized this The passport numbers were encrypted and consisted of a randomly drawn string. or hash sums and added:

Hash sums are not personal data. Publishing random fonts can do no harm to citizens. “

It is not the first mistake

As Cointelegraph previously reported, Russia’s electronic blockchain voting system has sparked much controversy. Not only Malfunction shortly after start, but supposedly allowed double voting and presented a decision that, as reported, may decipher the votes before the official count.

The electronic voting took place online 25-30 June while the referendum ended on July 1st. According to the election commission, 77.9% voted for the reform package and 21.3% against it.

After the approved constitutional changes, The end of Vladimir Putin’s mandate will be restored in 2024. which means, that can remain president until 2036.