Dark Web News Analysis
Cybersecurity intelligence from February 17, 2026, has identified a specific data exposure involving the Permanent Voters List (DPT). A threat actor operating under the alias Shadownex has leaked a sample containing 463 voter records on a hacker forum. This leak is part of a series of targeted exfiltrations by the actor, who has recently focused on regional and administrative data across Indonesia.
The leaked dataset, while small, contains “high-fidelity” personal information. The exfiltrated data typically includes:
- Personally Identifiable Information (PII): Full legal names and gender.
- Electoral Specifics: Voter registration status and specific polling station (TPS) identifiers.
- Sensitive Identifiers: Partial or full National ID (NIK) data and dates of birth.
- Geographic Metadata: Detailed residential addresses linked to specific voting districts.
Key Cybersecurity Insights
The breach of voter registries is a “Tier 1” threat that combines privacy violations with potential democratic interference:
- Hyper-Targeted “Election” Phishing: By knowing a voter’s exact district and polling station, attackers can launch convincing Smishing (SMS phishing) or Vishing (voice phishing) campaigns. These messages may spread disinformation about polling location changes or “verification” steps to trick voters into revealing more sensitive data.
- Identity Enrichment for Financial Fraud: Voter lists provide a verified link between a name, a birthdate, and an address. Cybercriminals use this to “enrich” their existing databases, making it significantly easier to bypass bank security questions or create synthetic identities for illegal online loans (Pinjol).
- Vulnerability of Electoral Data Management: Localized leaks like this often stem from insecure API endpoints or misconfigured regional servers used for voter verification. They serve as a “proof of concept” for larger attacks on national electoral infrastructure.
- Political Hacktivism and Attrition: The actor Shadownex frequently accompanies these leaks with political commentary. This suggests that the primary motive may be to demonstrate technical dominance over government systems and to erode public trust in the security of the electoral process.
Mitigation Strategies
To protect your digital identity and ensure your voter information remains secure, the following strategies are urgently recommended:
- Verify via Official Portals Only: Always use the official General Elections Commission (KPU) website or verified mobile applications to check your registration status. Never click on third-party links sent via WhatsApp or SMS that claim to show your voter details.
- Vigilance Against “Official” Inquiries: Be hyper-aware of unsolicited calls referencing your voting district or DPT status. Official election bodies will never ask for your full NIK, banking passwords, or OTPs over the phone.
- Monitor Personal Identifiers: If you suspect your data is part of this leak, monitor your financial accounts and credit reports for any unauthorized activity. The combination of name and birthdate is a common entry point for identity thieves.
- Hardening of Electoral API Endpoints: Administrative bodies must prioritize Zero Trust Architecture and robust rate-limiting on all public-facing voter search tools to prevent automated scraping by actors like Shadownex.
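The rate-limiting recommendation above can be made concrete with a limiter that counts distinct voter IDs per client rather than raw requests alone, since enumeration is what separates a scraper from a voter checking their own record. This is an added example, not code from Brinztech or any electoral system; the event fields, thresholds, and sample log are assumptions constructed for illustration.

```python
from collections import defaultdict, deque

class LookupLimiter:
    """Per-client sliding window for a voter-lookup endpoint.

    Caps total requests and, more importantly for scraping, the number of
    DISTINCT voter IDs one client may query inside the window.
    """
    def __init__(self, window_s=60, max_distinct=5, max_requests=30):
        # All three thresholds are assumed values; tune from real traffic.
        self.window_s = window_s
        self.max_distinct = max_distinct
        self.max_requests = max_requests
        self._hist = defaultdict(deque)  # client -> deque of (ts, voter_id)

    def allow(self, client, voter_id, ts):
        q = self._hist[client]
        while q and ts - q[0][0] >= self.window_s:  # expire old entries
            q.popleft()
        distinct = {v for _, v in q}
        if len(q) >= self.max_requests:
            return False  # plain request flood
        if voter_id not in distinct and len(distinct) >= self.max_distinct:
            return False  # enumeration: too many different IDs
        q.append((ts, voter_id))  # only accepted requests count
        return True


def replay(events, limiter=None):
    """Feed (ts, client, voter_id) events in time order; count rejections."""
    limiter = limiter or LookupLimiter()
    blocked = defaultdict(int)
    for ts, client, voter_id in sorted(events):
        if not limiter.allow(client, voter_id, ts):
            blocked[client] += 1
    return dict(blocked)


# Constructed sample log: one client walks 20 different IDs in 20 seconds,
# another checks the same ID twice and one relative's ID.
SAMPLE = [(t, "198.51.100.7", f"ID-{t:04d}") for t in range(20)] + [
    (5, "203.0.113.9", "ID-A"),
    (6, "203.0.113.9", "ID-A"),
    (30, "203.0.113.9", "ID-B"),
]

if __name__ == "__main__":
    print(replay(SAMPLE))
```

Keying on client address alone does not stop scraping spread across many addresses, so the same counter should also be kept per session or API credential where the lookup tool has one.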
Questions or Feedback? For expert advice, use our ‘Ask an Analyst’ feature. Brinztech does not warrant the validity of external claims. For general inquiries or to report this post, please email us: contact@brinztech.com