The records include voters’ first, middle and last names, voter IDs, birth dates, voter status, party affiliations, residential addresses and a slew of other details, according to Dark Reading. The stolen data reportedly came from Arkansas, Colorado, Connecticut, Delaware, Florida, Michigan, Ohio, Oklahoma and Washington state.
But "Logan" claims he has voter information from an additional 20 to 25 states, Jonathan Tomek, director of threat research at LookingGlass Cyber Solutions, told Dark Reading.
Following the sale of 10 million voter records from Ohio and Arkansas for just $4, the cyber criminal’s pattern does not suggest particular interest in financial gains.
So how was such an alarming quantity of information collected? According to Tomek, it was through a combination of social engineering and Freedom of Information Act requests.
"Logan is not affiliated with any group to our knowledge, we believe he is acting alone," Tomek noted. "I can say he is over 18, travels a bit internationally, and works for a cybersecurity company."
"We do know he is actively trading information for other stolen items such as credit cards and login credentials," Tomek suggested. "The combination of the voter information plus the other data has potential to be very bad since the voter data contain birthday, home address, email, and full name."
While officials zero in on the dark web figure, the Trump administration seeks to gain access to every US state’s voter registration data. Only 24 states have thus far fallen in line with President Donald Trump’s demands, and advocacy groups like the American Civil Liberties Union say the act could lead to voter suppression.