Researchers speculate that the data was collected to build detailed profiles of Chinese citizens, while users could do little to protect their privacy.
The shocking discovery was the result of a collaboration between researchers at Cybernews and the owner of the data protection website SecurityDiscovery.com. They found a completely open database, without requiring a password, containing up to 631 GB of information, equivalent to about 4 billion personal records.
£4bn of records containing almost all information on Chinese citizens have been leaked. Photo: Cimei
According to TechRadar , a giant unprotected database containing more than 4 billion sensitive user records has just been discovered online by cybersecurity researchers.
The incident is believed to be the largest data leak ever recorded, putting millions of users, mostly Chinese citizens, at extreme risk.
What is alarming is the nature of the leaked data. According to the team, this was no ordinary hack, but rather appeared to be a “meticulously collected and maintained” database designed to build “comprehensive behavioral, economic, and social profiles of virtually every Chinese citizen.” This raises suspicions that this could be part of a large-scale surveillance project.
The exposed records contained personally identifiable information (PII) such as full names, dates of birth, phone numbers, along with sensitive financial data such as card numbers, debt and savings information, and spending habits.
The data, which was likely compiled for profiling or surveillance purposes, was broken down into 16 collections. The largest collection, “wechatid_db,” contained more than 805 million records, while others included housing, financial, and ID data. In total, the leak exposed more than 4 billion records, including information related to Alipay, WeChat, and Taiwan.
“The largest collection, with over 805 million records, is named “wechatid_db,” which most likely refers to data coming from the Baidu-owned super app WeChat,” the post reads.
“The second largest collection, “address_db,” has more than 780 million records containing geo-identified housing data. The third largest collection, simply named “bank,” has more than 630 million records of financial data, including payment card numbers, birth dates, names, and phone numbers.
Information such as full names, dates of birth, phone numbers, along with sensitive financial data were all included in the leaked records. Photo: Cybernews
Possessing just these three collections would allow skilled attackers to correlate different data points to figure out where certain users live and their spending habits, debts, and savings.”
With such a wealth of detailed information, threat actors can easily carry out social engineering attacks, identity theft, financial fraud, or even blackmail victims.
While the database was quickly taken down after it was discovered, it is unknown how long it was exposed, meaning the data may have been copied and distributed. At more than 4 billion records, the incident is larger than the National Public Data leak, which was once considered one of the largest data breaches ever.
The team was unable to trace the leaked data to any organization because no identifiers were found, and the server was quickly taken offline. There was no clear way for affected individuals to respond. While China has seen major leaks before, such as those involving Weibo and DiDi, none on this scale. With over 4 billion records exposed, this appears to be China’s largest known personal data leak from a single source.
Source: https://khoahocdoisong.vn/chan-dong-lich-su-4-ty-ho-so-nguoi-dung-trung-quoc-bi-lo-post1546566.html
Comment (0)