Mr. Kemp, 54 years old, was one of only a few secretaries of state who declined DHS offers to help improve the security of state voting systems in 2016, as reports were beginning to emerge of Russia-backed hacking of state election systems. And in December 2016, Mr. Kemp accused DHS itself of hacking into his office’s network, which the department’s inspector general later concluded wasn’t a cyberattack but residual traffic from a government employee doing a proper check of the state’s firearms database.

ProPublica’s review of the state’s voter system followed a detailed recipe created by the tipster, who was described as having IT experience and alerted Democrats to the possible security problems. Using the name of a valid Georgia voter who gave ProPublica permission to access his voter file, reporters attempted to trace the security lapses that were identified.

ProPublica found the website was returning information in such a way that it revealed hidden locations on the file system. Computer security experts had said that revelation could give an intruder access to a range of information, including personal data about other voters and sensitive operating system details.

ProPublica’s attempt to take the next step — to poke around the concealed files and the innards of the operating system — was blocked by software fixes made that evening. According to the tipster’s recipe, it was also possible to view a voter’s driver’s license, partial Social Security number and address.

...

ProPublica’s test on Sunday found traces of the same vulnerabilities the tipster described in his digital recipe. Details of the alleged vulnerabilities were provided to ProPublica by the website WhoWhatWhy.org, which first reported on the security issues this weekend.