True the Vote, a right-wing nonprofit, developed an app called VoteAlert to crowdsource claims of voter fraud. However, the app contained a security flaw that exposed the email addresses of all users who posted or commented on the platform, along with other information. This vulnerability was discovered by WIRED while reviewing the app’s code and has since been patched.
The exposed data included the email address of a California election officer who used the app to post about her racist and illegal scheme to demand IDs from certain voters based on perceived citizenship status. This incident is currently being investigated by election officials.
True the Vote has a history of promoting election conspiracy theories without evidence and has used technology to legitimize their claims of widespread voter fraud. However, they have refused to provide proof when challenged.
The data exposure was caused by an issue with an infinite scroll feature introduced over the weekend, according to a spokesperson for True the Vote. However, WIRED pointed out that the exposure had been ongoing for several weeks, and the organization did not respond further. The issue has since been resolved, and emails are no longer visible.
At least 146 user email addresses were exposed, along with 186 user-submitted reports of fraud and over 200 comments on those reports. This suggests that the app has a relatively small user base, but for these niche users, VoteAlert has become a hub for posting unverifiable and misleading claims about supposed election irregularities.
Some of these claims have been debunked, such as an allegation that a Dominion voting machine displayed mismatched vote counters, which Dominion says is not possible. Another post claimed a bake sale at a Delaware polling place was intended to sway votes, but the photo included with the post was at least seven years old.
In a now-deleted post on VoteAlert, a user claimed to be an expert tech journalist and asked for references to be removed. This raises questions about the credibility of the information being shared on the app.