Colorado voting system passwords were posted online by mistake

In Colorado, a recent investigation revealed that a series of inadvertent and unforeseen events led to the exposure of voter system passwords on the Secretary of State's website. This occurred earlier in the year, specifically on June 21, when a spreadsheet containing information about county voting systems was shared online. The document was initially shared as a non-manipulable PDF, but an employee suggested using spreadsheet software for transparency, unknowingly revealing hidden tabs that contained the passwords. It was only on October 24 that the hidden tabs were discovered. The investigation, headed by attorney Beth Doherty Quinn, concluded that the passwords had been posted mistakenly and without any intentional wrongdoing from Secretary of State Jena Griswold or her team. The passwords included in the spreadsheet were one of two essential components to access the Colorado voting system. Griswold's spokesperson maintained that this incident did not pose a security threat to the voting processes in Colorado. While no malintent was found, the investigation identified that two policies were indeed violated during the process of sharing the document. Doherty Quinn recommended implementing stricter measures to ensure password protection going forward. Specifically, she suggested establishing a password safe for storing all sensitive information and developing a formal checklist for reviewing documents before they are posted online. This checklist should include checks for hidden tabs and such crucial elements as metadata. Consequently, the report emphasizes the need for better practices to safeguard critical information, ensuring voters' trust remains uncompromised. The investigation serves as a reminder of the vulnerabilities that exist in the management of sensitive election-related data and highlights the steps needed to prevent future occurrences.