The largest ever data leak to hit China has exposed over 4 billion user records which include financial data, WeChat and Alipay details as well as sensitive personal info like IDs, birthdates, phone numbers, and residential data.
As reported by Cybernews, a massive database with 631 gigabytes of private and sensitive info was left exposed online without a password, essentially leaving 4 billion records available for public access.
Cybersecurity research Bob Dyachenko worked alongside the news outlet to discover the exposed records on an open instance. According to Cybernews and its research team responsible for the discovery, it’s possible that the dataset was gathered and maintained specifically for creating a list of behavioral, economic and social profiles for almost every Chinese citizen.
This database held a variety of collections, some of which contained half a million records and some that had over 800 million records, all from different sources. The team said that “the sheer volume and diversity of data types in this leak suggests that this was likely a centralized aggregation point, potentially maintained for surveillance, profiling, or data enrichment purposes.”
Stolen personal information can be used for any number of malicious purposes like phishing, fraud and identity theft to blackmail and social engineering attacks.
Cybernews reports that they did not get an extended look at the database because it was quickly taken down, nor do they have an ability to reveal the identity of its owner. Obviously maintaining and collecting a database of this size would require a sizable amount of resources and skill as well as time and effort, which narrows down the number of groups who could be responsible.
Cybernews managed to organize sixteen collections of data, including one from WeChat (805 million records), a collection of residential data with geographic identifiers (780 million records), a financial data group with payment card numbers, birthdates, names and phone numbers (630 million records), and one that may have contained IDs, phone numbers and user names (610 million records).
Taken along with the data groups from Alipay, WeChat, and others, the owner of this database knows a significant amount of details about the individuals listed including their spending habits, debt, employment information, insurance and vehicle registration, pension funds, savings or gambling habits.
What’s worse is that because there's no information regarding who owns this database and its infrastructure has since been removed, potential affected victims have no recourse.
How to stay safe after a data breach
If you've think you may have been affected by a data breach – and these days many of us have – you want to take advantage if an affected company provides you with free access to one of the best identity theft protection services.
Likewise, you're going to want to make sure that you're closely monitoring your accounts for any unusual or suspicious activity. You may also want to consider a credit freeze.
Educate yourself on the signs of phishing attacks and make sure you never click on any unexpected links, attachments, files or QR codes from people you don’t know. You also want to be wary of people on social media who may reach out to you with offers or those who want you to download or click on files or attachments. If you receive something that appears to be from someone you do know, confirm it with them in an independent manner like by calling them on the phone (old-fashioned I know).
When going online, make sure you have one of the best antivirus software programs installed and up to date since these programs often include a have VPN, password manager, secure browser and other extra security tools to help keep you safe online.
Given the size of this data leak and the number of potential victims, we might learn more about the database in question and its owner soon. Even though this particular data leak only affects people in China, it's a stark reminder that even if you're super careful online, you can't control how others store and secure your data.
More from Tom's Guide
- It’s time to update Chrome — zero-day bug is being exploited in the wild by hackers
- Meta called out for tracking Android users across the web without their consent — what you need to know
- Dangerous new Android malware adds fake contacts to your phone while draining bank accounts — how to stay safe
You must confirm your public display name before commenting
Please logout and then login again, you will then be prompted to enter your display name.
