The implementation of the campaign Vote Joe, allows Biden supporters to encourage friends and family to vote for him. The application uploads and matches its contacts user with voter data provided by TargetSmart, a marketing company that claims to hold records for more than 191 million Americans.
Once the app matches someone's details, it displays the voter's name, age and date of birth and the most recent election they cast. This, according to the application, helps them users to "find people they know and encourage them to participate."
And while much of that data may already be public, the error makes it easier for anyone to access information from any voter using the app.
App Analyst, an expert security who detailed his findings on his blog of the same name, found that he could trick the app into extracting any person's information by making a contact on his phone with the voter's name.
He told TechCrunch that the application collects much more data than it actually displays. By blocking data flowing in and out of the device, he saw much more detailed and private information, including a voter's home address, date of birth, gender, nationality, and the political parties he or she supports.
Biden's campaign application has fixed the bug.
Matt Hill, a spokesman for Biden's campaign, also told TechCrunch: "We worked quickly with our vendor to fix the problem and clear the information. "We are committed to protecting the privacy of our staff, volunteers and supporters, and we will always work with our suppliers to do this."
Following the publication, Hill disputed the researcher's findings and that the application stated gender, nationality or home addresses. A TargetSmart spokesman stated that "a limited amount of data available to the public or commercially" was accessible to other users.
This is not the first time TargetSmart has been involved in data leakage. In 2017, a voter file compiled by TargetSmart for approximately 600.000 voters in Alaska was left on an exposed server without a password. And in 2018, TechCrunch reported that nearly 15 million records of Texas voters were found on an exposed and insecure server, just months before the US midterm elections.