What they did is get hold of publicly available voter information, then simply use the Secretary of State’s website to change a voter’s address. Voila! The ballot gets re-routed, and the voter wonders why they didn’t get a ballot. The article cites the potential of thousands of registrations being changed this way, impacting the outcome of elections. Is that really a danger?
Theoretically, yes. Even Secretary Reed’s staff admitted it could happen, although they cited several security measures already in place that would make it difficult to do on a grand scale. This is one of the many vulnerabilities with a vote-by-mail system, where someone really could submit ballots for a hundred other people and not be noticed. It’s a little harder to pull a hundred levers in a polling place without being stopped.