Stay up to date with notifications from The Independent

Notifications can be managed in browser preferences.

Colorado blunder accidentally exposes voting machine passwords online - but officials say everything is secure

Colorado’s Secretary of State has claimed the breach does not present an immediate threat to the upcoming election

Jesse Bedayn
Wednesday 30 October 2024 14:07 EDT
Comments
Voting system passwords were mistakenly put on the Colorado Secretary of State’s website for several months before being spotted and taken down.
Voting system passwords were mistakenly put on the Colorado Secretary of State’s website for several months before being spotted and taken down. (AP)

Your support helps us to tell the story

From reproductive rights to climate change to Big Tech, The Independent is on the ground when the story is developing. Whether it's investigating the financials of Elon Musk's pro-Trump PAC or producing our latest documentary, 'The A Word', which shines a light on the American women fighting for reproductive rights, we know how important it is to parse out the facts from the messaging.

At such a critical moment in US history, we need reporters on the ground. Your donation allows us to keep sending journalists to speak to both sides of the story.

The Independent is trusted by Americans across the entire political spectrum. And unlike many other quality news outlets, we choose not to lock Americans out of our reporting and analysis with paywalls. We believe quality journalism should be available to everyone, paid for by those who can afford it.

Your support makes all the difference.

Voting system passwords were mistakenly put on the Colorado Secretary of State's website for several months before being spotted and taken down, but the lapse did not pose an immediate threat to the upcoming election, said state election officials Tuesday.

The passwords were only one of two that are needed to access any component of Colorado's voting systems, and are just one part of a layered security system, said Jack Todd, spokesperson for the the Secretary of State's office, in a statement. The two passwords are "kept in separate places and held by different parties," he said.

"This is not a security threat," said Colorado Secretary of State Jena Griswold in an interview on 9News Tuesday evening. She said her office is investigating, that not all of the passwords in the spreadsheet were active and there is no reason to believe there's been a security breach.

Griswold said workers are changing passwords, looking at access logs and chain of custody books.

Colorado Secretary of State Jena Griswold said there was no security threat - despite the password’s being on her website for several months.
Colorado Secretary of State Jena Griswold said there was no security threat - despite the password’s being on her website for several months. (Copyright 2024 The Associated Press. All rights reserved.)

She frequently calls Colorado the gold standard for election security, though there have been some hiccups in the past. The error has brought criticism from the chairman of the Colorado Republican Party at a time of heightened scrutiny of the country's election systems, though U.S. elections remain remarkably reliable.

Colorado law requires that election equipment is surveilled and stored in secure rooms — access to which is guarded, tracked and logged. Colorado voters fill out paper ballots, which are audited after the election.

Election officials learned last week that the spreadsheet, which held the passwords in a hidden tab, was available online. Once the lapse was discovered, Todd said, they acted immediately and informed the U.S. Cybersecurity and Infrastructure Security Agency.

The executive director of the Colorado Clerks Association, Matt Crane, told 9News that while the lapse was concerning, the association was satisfied with the Colorado Secretary of State's response.

Chairman of the Colorado GOP, Dave Williams, sent a letter to the department Tuesday demanding that, among other things, the secretary of state confirm that the exposed passwords have since been changed.

Earlier this month, a Colorado county clerk, Tina Peters, was sentenced to nine years behind bars for a data-breach scheme based in false claims about voting machine fraud in the 2020 presidential race.

Join our commenting forum

Join thought-provoking conversations, follow other Independent readers and see their replies

Comments

Thank you for registering

Please refresh the page or navigate to another page on the site to be automatically logged inPlease refresh your browser to be logged in