Russia's Blockchain E-Vote Participants May Have Had Their Private Data Leaked

Personal data for over a million Russian nationals has reportedly been leaked.

The data allegedly belongs to some of the citizens who participated in the recent blockchain-based e-vote on Constitutional amendments.

The archive was reportedly available for everyone to download. According to an investigation published by Russian language media outlet Meduza, an archive titled "Degvoter.zip", which contains said data, was publicly available for download for at least several hours on July 1 via a government website.

This database allegedly contained passport numbers for over a million voters from Moscow and Nizhniy Novgorod - two cities in Russia where residents could cast their votes online.

Although that data was encrypted with the SHA256 algorithm, the reporters were allegedly able to decode it "Very easily" using free software.

"Considering the poor security and availability of the degvoter.zip archive, the Russian government actually put the personal data of all e-constituents from Moscow and Nizhny Novgorod in the public domain."

Journalists reportedly cross-referenced the leaked data with the Ministry of Internal Affairs' official service for checking the validity of passports.

The Ministry of Digital Development, Communications, and Mass Media has since commented on the investigation, saying that they exclude "Any possibility of leakage", since the passwords were distributed through "Secure data channels" and only to authorized personnel.

"Hash sums are not personal data. Publication of random sets of characters cannot harm citizens,".

Not only did it malfunction soon after going live, it also allegedly allowed double voting, and had a vulnerability that reportedly made it possible to decipher votes before the official count.