Leak with 4B records from Chinese citizens discovered by researchers

Cybersecurity researchers have exposed what they term “likely the biggest data leak to ever hit China,” with 4 billion records left in a database without a password. The data includes personal information such as names, dates of birth, phone numbers, IDs and bank card numbers that could be used for identity theft, fraud and large-scale phishing operations.

The massive 631-gigabyte dataset also stores information from Alibaba-owned payment platform AliPay and Tencent’s popular social platform WeChat, possibly including WeChat user IDs.

The discovery was made by a research team at media outlet Cybernews and Bob Dyachenko, owner of SecurityDiscovery.com. The team believes the dataset was gathered and maintained to build behavioral, economic and social profiles of Chinese citizens.

“The sheer volume and diversity of data types in this leak suggest that this was likely a centralized aggregation point, potentially maintained for surveillance, profiling, or data enrichment purposes,” they say.

The instance was taken down soon after the discovery, preventing the researchers from identifying the owners of the database.

Location, debt, employment data and more

The research team identified sixteen distinct data collections, likely organized by content type.

The largest collection, containing more than 805 million records, was labeled “wechatid_db,” suggesting a connection to WeChat. The second-largest collection, “address_db,” held over 780 million records of residential data with geographic identifiers. A third collection labeled “bank” contained more than 630 million financial records, including payment card details, birth dates, names and telephone numbers.

Access to these three collections alone would allow cybercriminals to determine users’ residential locations and analyze their financial patterns, the team says.

Another significant collection, with a Mandarin name that translates approximately to “three-factor checks,” had 610 million records and appeared to contain IDs, phone numbers and usernames. The fifth-largest collection, labeled “wechatinfo,” held nearly 577 million records, most likely metadata, communication records or user message content.

Alipay card and token information were stored in a collection called “zfbkt_db,” holding 300 million records. Another smaller collection also held Alipay-related financial data, potentially paving the way for attackers to perform unauthorized payments, account takeovers and identity theft.

Other collections held more than 353 million records in total, including information on gambling, vehicle registration, employment information, pension funds and insurance. The researchers believe that one collection, named “tw_db,” contains Taiwan-related information.

Article Topics

China  |  cybersecurity  |  data privacy  |  data protection  |  digital identity  |  identity theft