Update: Chris Vickery has announced that the database is now offline. It is not yet confirmed who took it down. Vickery is working with authorities to investigate the data breach.

On the morning of Dec. 20, Chris Vickery (Reddit user FoundTheStuff) was messing around on his computer the way he normally does, and was shocked at the information that appeared on the screen.

There it was—his full name, phone number, home address, date of birth and other personal details, instantly accessible to anyone with an internet connection.

And he could access the same information for nearly 191 million other Americans, likely every single registered voter in the country. It turns out the insecure database is currently configured for public access—no login required. He has been trying to find a way to get it shut down or secured, with no luck.

Vickery, who lives in Austin, Texas, won’t share the site or how he stumbled upon it (and neither would we if we had the information), but he tells us he’s holding onto more than 300 gigabytes of data. I gave him my full name and city, and sure enough, all the details he has for me—address, birthday, political party and more—check out. (Financial details, driver’s license numbers, and Social Security numbers are not included, thankfully.) He’s also searched for police officers in his city, along with other journalists, and they’re all there in the database. Upvoted has reached out to the FBI for comment, but has not yet received a response at the time of publication.

Vickery announced his discovery in Reddit’s Privacy community with the hope of identifying whoever has the authorization to lock up the information. Upvoted spoke with Vickery by phone.

I read that you’re a security researcher. What does that mean?

I’m not a real security researcher. That’s just what the media refers to me as. I’m really not some big security guru. I work IT help desk at a law firm. Finding data breaches is a hobby.

What’s your intention?

To get databases secured as quickly as possible. There are so many companies that are putting out insecure databases. Naming and shaming a few of them hopefully will have a good effect on the ecosystem as a whole. If enough people get caught with their pants down, hopefully everyone else will put on a belt.

What other breaches have you found?

There was the MacKeeper one. That was 13 million account details. There was the Hello Kitty one. That was 3.3 million account details. There was Slingo.com, a gaming website. That was 2.5 million. There was OKHello, that video chat app. That was 2.6 million. All in all, I’ve found account details of about 30 million people in the past month or so. This is the biggest one I’ve found. Even though it doesn’t have passwords attached to it, it’s still pretty shocking.

Yes, back to the voter registration records. What data is in a voter list?

Name, address, phone number, whether or not you voted in the primary and general elections all the way back to 2000, date of birth, gender, political party. It has a field for email but I haven’t really seen any emails filled in.

Here’s a screenshot of Vickery’s own information listed in the database.

Is it legal to have this information out there?

I’ve seen a lot of comments about that and a lot of people say, well, voter registrations are public knowledge, blah, blah, blah. There are some states where you can’t place voter data on the internet for unrestricted access—South Dakota, for instance. In California, you can’t access the address and phone numbers unless you have a legitimate journalistic purpose or you are a campaigner. Not all states have restrictions, but it’s not supposed to be this easy to get a hold of this information.

In your mind, what are the potential dangers of having this information out there?

Even though a lot of it may be public information, I don’t think our society has ever had to deal with the idea of all of it combined together in a concentrated format, available to the entire world at an instant for free. Just for any purpose whatsoever. I don’t think we’ve ever had to tackle that concept before. That crosses a line that I think is very fundamental to people and Americans in general.

The scammers out there would love to have this information. They could use the dates of birth and target the elderly. They could do all types of metrics with this data. It seems very dangerous and reckless to leave it out there.

This information does get sold by marketing companies and campaign people use it and pay a pretty penny for it. I talked to Gravis Marketing the other day, and I kind of pretended to be a customer and asked them how much a list like this would run, and they sent me an email quoting $269,000.

Who’s at fault for the misconfiguration?

There’s been a lot of speculation. I’m not really close to figuring it out. I have a couple of leads. We’ve contacted several major political marketing database-type places and nobody has taken credit so far. I’m not allowed to talk about who may or may not be trying to secure it.

What will you do with all this information?

If it comes out that this is all completely legal to have, I might just archive it and put it away for whatever reference purposes. I’m certainly not interested in spreading it around. But if it’s completely legal to have, I’m not sure why I wouldn’t.