Alberta election database leak traced using planted fake entries

In short: Elections Alberta says it identified the source of a leaked voter database by planting fake entries that later appeared in an unauthorized online tool.

What happened

Elections Alberta maintains the province’s electoral list, a database with voter details like names, addresses, and voting districts for millions of people. Political parties can legally receive this list, but they must follow strict rules, including not sharing it with outside groups.

According to reporting cited by Ars Technica, a group called The Centurion Project used the electoral list to power an online database that let people look up voters. Elections Alberta went to court and obtained an order to shut down the site.

Elections Alberta then said it determined how the group got the data. When it releases the electoral list, it adds extra entries that are not real. This is sometimes called a “canary trap” (like putting a unique, harmless mark on each copy of a document so you can tell which copy leaked). The same fake entries that were included in the version given to the Republican Party of Alberta showed up in The Centurion Project’s online tool, Elections Alberta said.

It is still not clear exactly how the data moved from the party to the group. After the investigation, both groups publicly pledged to respect the law, and the site was taken down.

Why it matters

This story shows that intentional errors can sometimes improve security. By adding a few fake records, Elections Alberta could quickly trace where a copy came from, even without complex tools. For the public, it highlights how sensitive voter information can spread, and how election agencies and other organizations try to track and stop unauthorized sharing.

Source: Arstechnica