The private data of the Catalan referendum at risk

The Catalan referendum continues to bring queue. The conflict does not seem to end soon and the controversies continue to increase day by day. Now, a new problem is added that affects the privacy of Catalan citizens. The database with the data of all the people who have voted in the referendum has been exposed.

The private data of the Catalan referendum at risk

In order to vote in said referendum, you had to identify yourself when voting. This was done by presenting the DNI, the postal code and the date of birth. The Government of Spain had prohibited the holding of this referendum, with the consequent blocking of the event's websites. For this reason, the organization of the referendum created a web replica of the original.

Data of millions of citizens in danger

This was possible thanks to the use of the IPFS (InterPlanetary File System) protocol. But a serious mistake was made along the way. Since due to this decision, the Generalitat has left exposed the database where the data of all the voters in the referendum were stored. Although the IPFS protocol works perfectly to replicate a website and its content, it is not a good method to protect data.

Therefore, all the data from these votes is vulnerable to possible attacks. So the data provided by each Catalan citizen who took part in the voting has been left on a tray. Making them stolen with absolute ease.

There are already security experts commenting that an attack could be imminent. Therefore, the information of millions of citizens may be definitively completely exposed. We hope that this is not the case, but this would require improving the security of this replica.