- Exposed Elasticsearch cluster leaked 8.7 billion records of Chinese people and companies
- The data included PII, plaintext passwords and corporate registration details.
- The cluster was probably run by data brokers and hosted by a bulletproof hosting provider; it was locked down after discovery
One of the largest data breaches ever to occur in China has been detected after security researchers from Cybernews reported finding an exposed Elasticsearch cluster containing more than 160 indexes.
These indexes contained approximately 8.7 billion records, primarily from Chinese individuals.
The records contained all types of sensitive and personally identifiable data, including names, addresses, phone numbers, dates of birth, gender information, social media handles, and plain text passwords. They also contained various corporate and business records, such as company registration details, legal representatives, business contact information, and registration addresses and license metadata.
Long-lasting aggregation effort
Researchers were unable to determine who owns the database, so there is no confirmation of whether this was a malicious act or not. Cybernews says the cluster looked like what data brokers typically build, in that it was highly organized and completely segmented.
Since it was open for three weeks, it is possible that it was detected by threat actors in the meantime.
“Despite the short period of exposure, the scale of the data set means that automated scraping during this period could have led to widespread secondary diffusion,” the researchers said.
The data is mainly from people in mainland China, with the victims scattered across several Chinese provinces.
The database may have been open for a few weeks, but it probably took much longer to collect it in its entirety. Apparently this was not done in one go and the data was probably obtained from different sources.
“The presence of timestamps and import dates points to a long-running aggregation effort rather than a single historical breach,” the team explained.
The researchers managed to find the provider hosting the cluster. It is a bulletproof hosting company, “commonly associated with high-risk or non-compliant data operations.” Apparently, after being notified, the provider locked the database.