Stratos Ally

Massive 1.5 billion Chinese records exposed!  

Security researchers unearthed an unprotected server with hundreds of millions of records, holding data from several major brands such as JD.com (a Chinese e-commerce company), Weibo (China’s top social media platform), DiDi (the country’s largest ride-hailing company), and many others. The victims are primarily Chinese citizens, which places this breach among the biggest of its kind.  

The dataset stores full names and government ID numbers, and the data appears to belong to various Chinese banks, Weibo, and some mobile operators, which raises the alarm because it signifies a major data breach across different sectors. The dataset was discovered on a now-closed Elasticsearch server. However, the ownership of the server could not be established, which shows the malicious intent behind collecting this huge amount of data. Generally, malicious actors compile such large datasets for a wide range of attacks, including identity theft, sophisticated phishing schemes, targeted cyberattacks, and unauthorized access to personal and sensitive accounts.  

The 1.5 billion-record dataset contains full names, email addresses, phone numbers, financial records, transportation records, and educational records. The sectors to which the dataset corresponds include e-commerce, healthcare, finance, social media, and education. The most significant chunk of records was grouped in a collection credited to QQ messenger, Tencent’s instant messaging software, followed by Weibo, sometimes referred to as China’s Twitter. The third largest exposed dataset, with over 25 million records, was tagged to China’s largest courier service, SF Express. The dataset also held data from collections such as Securities (243k), China Provident Fund (531k), China Union Pay Users (1.1 million), China Merchants Bank (1 million), Bank of China (985k), as well as a collection named Cryptocurrency (100k), suggesting a massive financial data exposure.  

The leaked records may belong to old data leaks that had impacted these organizations. For instance, Weibo reported a compromise of 504 million users' data in 2020, while some of the leaked data has no previous reports. This massive scale of exposed records, encompassing different socioeconomic sectors, enables malicious actors to carry out many types of attacks, ranging from identity theft to targeted spear phishing campaigns. There’s little that the attackers could not do, given the time and persistence to analyze 1.5 billion leaked records.
