• maynarkh@feddit.nl
    link
    fedilink
    English
    arrow-up
    4
    ·
    11 months ago

    During a live video stream of the ballot result, a representative of TrueBallot shared their screen, which displayed an internet URL in the address bar of their web browser. A flight attendant watching the stream copied the URL into their own computer and discovered that the link took them to an unsecured database of the vote.

    The flight attendant was able to view the name of everyone who had voted and what ballot they had cast, alongside their email address. The database could even be edited, and ballots could be added and deleted.

    TrueBallot had literally one job there. It’s not even that hard to provide a secure balloting system for 10k people.