A voting machine supplier for dozens of US states left records on 1.8 million Americans in public view for anyone to download – after misconfiguring its AWS-hosted storage.

ES&S says it was notified by UpGuard researcher Chris Vickery of the vulnerable database that contained personal information it collected from recent elections in Chicago, Illinois. The records included voters' names, addresses, dates of birth, and partial social security numbers. Some of the records also included drivers' licenses and state ID numbers.

"The backup files on the AWS server did not include any ballot information or vote totals and were not in any way connected to Chicago's voting or tabulation systems," ES&S said in a statement on Thursday.

[...] A spokesperson for UpGuard confirmed to The Register that the vulnerable service was an AWS S3 silo accidentally set up to be open to the public. Strangely, only Chicago's data was exposed by a misconfiguration.

[...] Chicago's election board, meanwhile, says it is "deeply troubled" to hear of the exposure, but applauded ES&S for taking quick action.

"We have been in steady contact with ES&S to order and review the steps that must be taken, including the investigation of ES&S’s AWS server," said Chicago Election Board chairwoman Marisel Hernandez in a statement.

"We will continue reviewing our contract, policies and practices with ES&S. We are taking steps to make certain this can never happen again.”

This isn't the first time UpGuard found voter data sitting out in the open on AWS. Earlier this year the security firm caught a Republican analytics company who failed to put any access restrictions on an S3 instance that contained the personal details of nearly 200 million US voters within a 1.1TB database collected prior to the 2016 presidential election. ®