Cybersecurity researchers have discovered what they said could be the country’s largest ever one-stop data leak, with thousands of Chinese digital entrepreneurs found to be the biggest victims.
The vast cache of personal and financial data was discovered unprotected on the internet, and the discovery raised alarms about privacy, surveillance and the compiling of detailed dossiers on millions of Chinese citizens.
The discovered database weighed in at a whopping 631GB and was filled with all manner of sensitive data. Preliminary analysis suggests the data contains full names and dates of birth as well as phone numbers, while some files contained children’s names, dates of birth and card types.Experts have warned data thieves could use the gesture information to exploit victims.
Perhaps most disturbing, the database also contained residential addresses linked to geographic coordinates. This exhaustive database could have been used as a centralized collection point, perhaps for surveillance and/or profiling and/or enrichment.
WeChat, China’s all-encompassing messaging and social media platform, is among the platforms that have been hardest hit, with more than 805 million records thought to be involved in the leak. Other major sets are residential data (780 million records) and financial data from a ‘bank’ collection (630 million records).
This is by more than a billion records, the largest single breach in history with the second placing incident being the most recent National Public Data breach.
Although the unsecured instance was “promptly taken down” following its discovery, how long it was accessible is a mystery, which means billions could be exploited.
The exposed info is wa fertile ground for the criminal underground who might use it in advanced social engineering attacks, identity theft, financial fraud, blackmail and so on.
This mega-leak serves as yet another wake-up call to the endemic and evolving cybersecurity threat landscape in China, where it is home to some of the most stringent cybersecurity laws and regulations, including Cybersecurity Law (CSL), Data Security Law (DSL) and Personal Information Protection Law (PIPL).
The vastness of this breach illustrates the difficultly of securing expansive digital environments and the importance of strong measures to protect data.
Authorities have not commented on the source of the breach, or who might be behind it. But the episode is likely to rekindle worries over data privacy and the safety of personal information in a digitally interconnected world, not only in China but around the world.
“Consumers should continue to be on the lookout for scammers and never open emails from unknown senders,” the alert says, adding that those affected should also consider identity theft protection.
