Klein
42 posts


I scraped some of the Bahamas voter roll in 14 minutes. Then I mapped every single one of them as best as possible.
6,452 names. Voter IDs. Dates of birth. Home constituencies. 676 API calls. Zero rate limiting. Zero authentication beyond a public key sitting in the page source.
This isn't a hack. There's no exploit. No credentials were stolen. No systems were compromised.
The Bahamas government voter lookup tool has a 2-character minimum search, no rate limiting, and a CORS wildcard (*), meaning anyone, from any website on earth, can query it programmatically and pull data cross-origin without restriction.
I wrote a script that iterated every 2-letter prefix from "aa" to "zz." That's it. 14 minutes later I had the full roll.
What came back per voter: full legal name, voter registration number (used as government-issued ID), year of birth, constituency, polling division, and advance poll status. 8 PII fields per person, served up to anyone with a browser console and basic fetch knowledge.
So I built something to make the implications impossible to ignore.
Using constituency and polling division data alone, no addresses, no GPS, no phone records, I triangulated each voter's approximate physical location to within ~1-4km using a GEOSINT (Geographic Open Source Intelligence) visualization. Every dot on the map is a real person, placed within a polygon near their real neighborhood, derived entirely from "public" civic data.
Here's what an adversary would see when they connect the dots:
- Voter IDs are used for identity verification purposes; that's an identity fraud vector.
- Constituency + polling division = neighborhood-level geolocation without ever needing an address.
- Full name + year of birth + location = a social engineering playbook that practically writes itself.
- Advance poll registration = a confirmed physical location on a specific, known date.
This isn't about The Bahamas specifically. Treating voter data as "public record" without considering what happens when public + structured + queryable + unprotected = weaponizable at scale.
The fix is embarrassingly simple:
• Increase the search minimum to 4+ characters
• Add rate limiting (even 10 requests/minute would have stopped this)
• Remove the CORS wildcard
• Require authentication for bulk-capable queries
None of this is hard. None of this is expensive. It just has to actually be done.
⚠️ This project is strictly for educational and awareness purposes. No data was used maliciously. The tool was built to demonstrate the real-world intelligence implications of exposed PII in civic systems so that the people responsible for protecting it understand the urgency.
If you work in election security, government IT, or data protection policy, this can be used with information like info stealers or malware that works together with information from the darknet for even further purposes like social engineering, this is just a very small example of what could evolve into something like a threat before it becomes a headline.
@ValaLegz @SansNevis @phreakydev @secmxx
#CyberSecurity #OSINT #GEOSINT #ElectionSecurity #DataPrivacy #InfoSec
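
The four fixes listed in the post above, sketched as one pre-query gate for a search endpoint. This is an added example, not part of the original post and not the lookup tool's code; the origin `https://lookup.example.gov`, the `client_id` key, the class and function names, and the status codes are assumptions.

```python
import math
import time
from collections import defaultdict, deque

MIN_QUERY_LEN = 4      # the post's "4+ characters"
MAX_REQUESTS = 10      # the post's "10 requests/minute"
WINDOW_SECONDS = 60
# Hypothetical front-end origin; replaces the "*" wildcard.
ALLOWED_ORIGINS = {"https://lookup.example.gov"}


class LookupGate:
    """Pre-query checks for a public search endpoint (illustrative)."""

    def __init__(self, clock=time.monotonic):
        self._clock = clock
        self._hits = defaultdict(deque)  # client_id -> request timestamps

    def check(self, client_id, query, origin=None):
        """Return (http_status, response_headers) for one search request."""
        headers = {}
        # CORS: echo back only allowlisted origins, never "*".
        if origin in ALLOWED_ORIGINS:
            headers["Access-Control-Allow-Origin"] = origin
            headers["Vary"] = "Origin"

        # Sliding-window rate limit; too-short queries are counted as
        # well, so probing with rejected prefixes still uses up budget.
        now = self._clock()
        hits = self._hits[client_id]
        while hits and now - hits[0] >= WINDOW_SECONDS:
            hits.popleft()
        if len(hits) >= MAX_REQUESTS:
            wait = math.ceil(WINDOW_SECONDS - (now - hits[0]))
            headers["Retry-After"] = str(max(1, wait))
            return 429, headers
        hits.append(now)

        # Short prefixes make the whole roll enumerable in a few hundred calls.
        if len(query.strip()) < MIN_QUERY_LEN:
            return 400, headers
        return 200, headers


def days_to_enumerate(prefix_len, alphabet=26):
    """Days one client needs to try every prefix at the allowed rate."""
    return alphabet ** prefix_len / MAX_REQUESTS / (60 * 24)
```

The limit is only as strong as `client_id`: keyed on an IP address it can be spread across many addresses, which is why the post's fourth fix (authentication for bulk-capable queries) matters alongside it.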

@VancePoitier It’s crazy… something as simple as rate limiting is non-existent on most of our “serious” websites. It really makes me wonder where the millions in IT Consultation went. 😅

@313TeeWill @GangHits He fell down because he was startled, the article says he wasn’t hit.

@UnderratedLock @AyCartiii @BUTBOOMBOOM If anything post fade glitch needs to be patched. Steals right after reb. Rs shooting shouldn't be in the game at all. Contests are bad. Shooting is the last thing that needs to be touched.

This is an excerpt from Kobe Bryant’s autopsy report. We have the full document in our sister Facebook group @DeathAfterDark_ if you’d like to check it out - #deathafterdark #kobebryant #giannabryant


@dereckapurnell @BreeNewsome If you call the police to handle the situation, why are you attempting to handle the situation on your own? He just arrived on scene and saw a girl attempting to stab people, so he did what he’s supposed to do (Protect people) Y’all really acting like the police is in the wrong😂😂

One year of Warzone. Countless matches.
Celebrate the first year of dropping in by showing off your @CallofDuty #WarzoneReport. Tap below and tell us your Gamertag to earn your bragging rights.

@tylernathan1020 @Austo16 @charlieINTEL You right but the DMR and the Mac10 definitely need a nerf, the DMR shouldn’t be a 2 shot head it’s literally stronger than the Dragunov 😂😂 and the Mac10 needs a significantly higher damage drop-off.
Klein retweeted

*PS5 GIVEAWAY*
I will be giving away ONE PS5 (or $500 cash) to a random follower/subscriber!
To enter the giveaway you need to:
1. Retweet this tweet.
2. Sub to my YouTube channel (youtube.com/c/YourFriendKy…) This is where the winner will be announced on December 1st.
Good luck!


@Aye_onehunnit @WardJaedyn @quando_rondo More than one shooter 😂😂 niggas didn’t know where the shooters were, they were running trying to catchup to von. Plus von niggas shot back too one Quando’s men was shot too.

@ToastSenor @connqrr @NBA2K @ATCQ @JIDsv @tameimpala @LilTunechi @PopcaanMusic @runjewels @travisbarker @SAINtJHN @russdiemon @richbrian Stop giving him attention 😂😂 that’s what he wants.

@connqrr @NBA2K @ATCQ @JIDsv @tameimpala @LilTunechi @PopcaanMusic @runjewels @travisbarker @SAINtJHN @russdiemon @richbrian Just because he died doesn’t mean he has good music I hope to god they don’t put that trash in the game. Gone too soon tho RIP queen Von