- Researchers have discovered a large set of data without guarantee online.
- This contains approximately 4 billion records, including personal information
- The data could be part of a surveillance effort addressed to Chinese citizens
Cyber security researchers have discovered an open instance containing “billions and billions” of recorded records, and millions of people could be at risk as a result.
Researcher in Cybernews He worked with the cybersecurity researcher and owner of the Site of the Cybernetic Risk Site and Data Protection SecurityDiscovery.com to discover a huge database without a password, filtering 631 GB of information, equating approximately 4 billion records.
The data set mainly consists of Chinese customers and users of a variety of different sources, in what Cybernew research teams believed that it is a database “meticulously gathered and maintained” designed to build “behavioral, economic and social integral profiles of almost any Chinese citizen.”
A surveillance effort
This could be part of a surveillance project, researchers argue, and there are many ways in which a threat actor could exploit this information, such as social engineering attacks, identity theft, fraud or even blackmail.
“The great volume and diversity of data types in this escape suggests that this was probably a centralized aggregation point, potentially maintained for surveillance, profile or enrichment purposes,” the team observed.
The instance was “” quickly eliminated “after it was discovered, but it is not known how long it was open. As expected, for suspicion of surveillance data, the information contains PII as complete names, birth dates and telephone numbers, as well as financial data such as card numbers, debt and savings information, and spending habits.
The largest collection of records probably came from Wechat, a Chinese alternative to WhatsApp, with more than 805 million recorded records.
Near behind there was a collection of residential data “with geographical identifiers” with 780 million, and a collection called “bank” of 630 million records, mainly with financial and identifiable personnel information.
If this data violation is as great as it seems, it contains more than one billion records more than the violation of national public data, which was recently reported as one of the greatest data infractions in history.
