A Russian media outlet said that data on all 1.14 million Russians who used a blockchain platform to vote in the recent referendum on constitutional reform was made publically available on the internet – directly from a state-run server.
Per Meduza, a .zip file containing ID information, passport numbers and other passport information of people casting their votes on the blockchain platform was shared among election officials on June 30, the day the blockchain ballot closed.
Meduza said that a “source” sent it “a photograph of instructions for checking internet voters” that was shared among the heads of electoral commissions.
The report’s author said that “the instructions did not feature any official stamps of secrecy or confidentiality warnings.”
The media outlet said that by following the instructions, it was able to access the data of all 1 million-plus voters who used the platform. It also claimed,
“The .zip archive was hosted on a government site. Access to the archive was free. On July 1, at least from 9am to 12pm Moscow time, anyone could download it.”
The file was password-protected, but Meduza wrote that the photograph it received also informed recipients of the password.
However, it added that widely available password-cracking software “took a couple of days” to gain access to the file using a PC fitted with “an old Intel Core i3-4160 processor.”
Meduza also added that it had decided not to publish a link to the file “for two reasons,” namely, that the link no longer works, but “still allows you to find and download the archive,” which it claimed was “very weakly protected.”
The media outlet has also alleged that the platform was beset with other issues – including a flaw that allowed some votes to be counted twice.
Despite these and other setbacks, election officials have claimed the vote was a success. They stated this week that they will look to allow blockchain voting in more locations for the next general election – slated for September 2021.