US state accidentally makes voting system passwords public

The passcodes were “improperly“ stored on Colorado’s government website, officials said

The Colorado Secretary of State’s Office accidentally posted a document on its website that contained multiple voting system passwords, the authorities of the US state admitted on Tuesday.

According to 9News, Colorado Republican Vice Chair Hope Scheppelman shared a file containing a hidden tab in a mass email, which also included an affidavit from an unnamed person who claims to have downloaded the Excel file from the state secretary’s website and was able to read the hidden tab after simply clicking ‘unhide.’

The Colorado Secretary of State’s office said it was aware of the breach, and took immediate action to fix it, as well as informed the Cybersecurity and Infrastructure Security Agency. “The spreadsheet located on the Department’s website improperly included a hidden tab including partial passwords to certain components of Colorado voting systems,” officials said.

“This does not pose an immediate security threat to Colorado’s elections, nor will it impact how ballots are counted,” spokesman Jack Todd said in a press release.

Read more

The passwords were just one layer of security that protects the state elections, the spokesman stressed. There are two unique passwords for every piece of election equipment, both of which can only be used with “physical in-person access” to a voting system. The systems themselves are protected by video surveillance and require ID badges to access, Todd said. “It is a felony to access voting equipment without authorization,” he added.

Colorado Secretary of State Jena Griswold has downplayed the incident. “To be very clear, we do not see this as a full security threat to the state. This is not a security threat,” she told 9News on Tuesday evening. Griswold noted the document had been up on the government website for several months before the error was made public.

The Colorado Republican Party released a statement, saying that over 600 so-called BIOS passwords for voting equipment in 63 of the state’s 64 countries were compromised. “It’s shocking really. At best, even if the passwords were outdated, it represents significant incompetence and negligence, and it raises huge questions about password management and other basic security protocols at the highest levels within Griswold’s office,” Colorado GOP chair Dave Williams said.

Read more

The incident took place less than a week before the US presidential election on November 5. Both Republicans and Democrats have accused each other of undermining the faith in the fair outcome of the vote and attempting to use illicit means to sway the election in their favor.

Earlier this month, former Colorado county clerk Tina Peters was sentenced to nine years behind bars for allowing an unauthorized person to access the election system. Peters said she attempted to find evidence of the supposed voting machine fraud that Republican presidential candidate Donald Trump claimed had cost him the 2020 election. Trump continues to insist that the 2020 election was “stolen”, despite the courts and investigators not finding evidence that would back his claim.