Georgia website flaw allowed users to cancel others’ voter registrations

A cybersecurity researcher over the weekend uncovered a flaw in a Georgia website that allowed anyone with rudimentary technical knowledge — and a bit of ill will — to cancel others’ voter registrations.

ProPublica and Atlanta News First reported on Monday they’d been contacted over the weekend by cybersecurity researcher Jason Parker, who said he found the flaw and reported it to state officials.

The flaw, which Georgia state officials said has been fixed, involved using a web browser to inspect the HTML of a new webpage for voter registration cancellation that’s administered by Georgia Secretary of State Brad Raffensperger. In a video, Parker demonstrated how it was possible to cancel a voter’s registration using only a name, date of birth and county of residence.

Threat researcher Zach Edwards told ProPublica the website demonstrated “incredibly sleepy coding” and called for the state to pass a law that would require such important government forms to pass outside review before publication.

It wasn’t the webpage’s first bug since its launch on July 29. Soon after the page went live last week, the Associated Press and The Current reported other flaws that were exposing voters’ personal information, including driver’s license numbers and the last four digits of Social Security numbers.