- A huge set of data has been discovered online by researchers
- This contained about 4 billion files – including personal information
- Data could potentially be part of a surveillance effort targeting Chinese citizens
An open body containing “billions and billions” of exposed files was discovered online by cybersecurity researchers – and millions of people could in danger.
Researcher at Cyberness Worked with the cybersecurity researcher and owner of Cyber Risk and Protection of the SecurityDoVery.com site to discover a huge database without password, Fallant 631 GB of information, which is equivalent to around 4 billion records.
The data set consists mainly of Chinese customers and users from a range of different sources, in what Cybernews research teams thought they were a “meticulously gathered and maintained” database designed to build “complete behavioral, economic and social profiles of almost all Chinese citizens”.
A surveillance effort
This could be part of a surveillance project, according to the researchers, and there are many ways that a threat player can use this information, such as social engineering attacks, identity theft, fraud or even blackmail.
“The volume and diversity of data types in this leak suggest that it was probably a centralized aggregation point, potentially maintained for the monitoring, profiling or enrichment of data,” observed the team.
The example was “” quickly withdrawn “after his discovery, but it is not known how long it was open. Not surprisingly for suspected surveillance data, information contains complete names, birth dates and telephone numbers, as well as financial data such as card numbers, debt and backup information and spending habits.
The largest collection of files probably came from WeChat, a Chinese alternative to WhatsApp, with more than 805 million discs exposed.
Close behind was a collection of residential data “with geographic identifiers” with 780 million, and a collection called “bank” of 630 million files, mainly with financial and personally identifiable information.
If this data violation is as important as it seems, it contains more than a billion more recordings than the national violation of public data, which has recently been reported as one of the greatest data violations.
