- A large dataset has been discovered unsecured online by scientists
- This contained approx. 4 billion items – including personal information
- The data could potentially be part of a monitoring effort aimed at Chinese citizens
An open body containing “billions of billions” of exposed items has been discovered online by cybersecurity scientists – and millions of people may be at risk as a result.
Researcher on Cygenerws Worked with cybersecurity researcher and owner of cyber risk and data protection site security discovery.com to reveal a huge database without a password that leaks 631 GB of information, corresponding to approx. 4 billion items.
The data set consists primarily of Chinese customers and users from a variety of sources, in what the Cybergenws research teams thought is a “carefully assembled and maintained” database designed to build “comprehensive behavioral, economic and social profiles from almost every Chinese citizen.”
A monitoring effort
This can be part of a surveillance project, scientists claim, and there are plenty of ways in which a threat actor can utilize this information, such as social technical attacks, identity theft, fraud or even extortion.
“The large volume and diversity of data types in this leak suggests that this was probably a centralized aggregation point that is potentially maintained for monitoring, profiling or data enlargement purposes,” the team observed.
The instance was “” quickly taken down “after it was discovered, but it is not known how long it was open to. Not surprising to suspected surveillance data, the information contains PII as full names, birth dates and telephone numbers as well as financial data such as short numbers, debt and save information and skyhabits.
The largest collection of records probably came from WeChat, a Chinese alternative to WhatsApp, with over 805 million records postponed.
Close to the back was a collection of housing data “with geographical identifiers” with 780 million and a collection called “Bank” of 630 million items, primarily with financial and personally identifiable information.
If this data violation is as great as it looks, it contains over a billion items more than the National Public Data violation, which was recently reported as one of the biggest data violations ever.
