- Exposed Elasticsearch cluster leaked 8.7 billion records of Chinese individuals and businesses
- Data included PII, plaintext passwords, and corporate registration details
- Cluster likely run by data brokers; hosted on bulletproof provider, now locked down after discovery
One of the largest data leaks ever to happen in China has been detected after security researchers from Cybernews reported coming across an exposed Elasticsearch cluster that contained more than 160 indices.
These indices held approximately 8.7 billion records, primarily of Chinese individuals.
The records contained all sorts of personally identifiable and sensitive data, including names, addresses, phone numbers, birth dates, gender information, social media identifiers, and plaintext passwords. They also contained various corporate and business records such as company registration details, legal representatives, business contact information, and registration addresses and licensing metadata.
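A cluster like the one described above is typically the product of a configuration that disables authentication and binds the HTTP API to every interface. The following audit script is an added illustration, not code from the article, from Cybernews or from Elastic: it parses the flat `dotted.key: value` form of `elasticsearch.yml` and flags the combination of settings that makes every index readable without credentials. The setting names (`network.host`, `xpack.security.enabled`, `xpack.security.http.ssl.enabled`) are real Elasticsearch keys; the two config samples and the cluster name are constructed for the example.

```python
"""Audit a flat elasticsearch.yml for the settings that turn a cluster into
an open, unauthenticated data source.

Added example, not code from the article or from Elastic. The two config
samples below are constructed; the setting keys are real Elasticsearch keys.
"""

from typing import Dict, List

# Constructed sample: the kind of config behind an internet-exposed cluster
# that answers every query without credentials.
WEAK_CONFIG = """\
cluster.name: example-cluster
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

# Constructed sample: the corrected settings (auth on, TLS on, private bind).
HARDENED_CONFIG = """\
cluster.name: example-cluster
network.host: 10.0.0.5
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
xpack.security.transport.ssl.enabled: true
"""

# Bind values that expose the API on every (or every public) interface.
PUBLIC_BINDS = {"0.0.0.0", "::", "_global_"}


def parse_flat_yaml(text: str) -> Dict[str, str]:
    """Parse the flat 'dotted.key: value' lines used by elasticsearch.yml.

    Comments and blank lines are skipped. Nested YAML blocks are out of
    scope for this audit; the keys checked here are always written flat.
    """
    settings: Dict[str, str] = {}
    for raw in text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line or ":" not in line:
            continue
        key, value = line.split(":", 1)
        settings[key.strip()] = value.strip().strip('"').strip("'")
    return settings


def is_truthy(value: str) -> bool:
    """YAML-style boolean as Elasticsearch accepts it in config files."""
    return value.strip().lower() in ("true", "yes", "on", "1")


def audit(settings: Dict[str, str]) -> List[str]:
    """Return a list of findings; an empty list means no exposure detected."""
    findings: List[str] = []
    host = settings.get("network.host", "localhost")
    security = settings.get("xpack.security.enabled")

    if security is None:
        # The default differs between versions (off on a 7.x basic licence,
        # on in 8.x), so an absent key is reported rather than assumed safe.
        findings.append("xpack.security.enabled not set: default is "
                        "version-dependent, set it explicitly")
        security_on = False
    else:
        security_on = is_truthy(security)
        if not security_on:
            findings.append("xpack.security.enabled=false: every index is "
                            "readable without credentials")

    if host in PUBLIC_BINDS:
        findings.append(f"network.host={host}: HTTP API bound to all interfaces")

    if host in PUBLIC_BINDS and not security_on:
        findings.append("CRITICAL: unauthenticated API reachable from any network")

    ssl = settings.get("xpack.security.http.ssl.enabled", "false")
    if security_on and not is_truthy(ssl):
        findings.append("xpack.security.http.ssl.enabled=false: credentials "
                        "and documents travel in cleartext")
    return findings


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(f"[{name}]")
        for finding in audit(parse_flat_yaml(cfg)) or ["no findings"]:
            print("  -", finding)
```

The check deliberately treats an absent `xpack.security.enabled` as a finding rather than relying on the version default, because a config copied from an older 7.x deployment silently leaves authentication off; the separate `CRITICAL` line is the exact combination (public bind plus no auth) that the article's cluster exhibited.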
Long-running aggregation effort
The researchers could not determine who owns the database, so there is no confirmation of whether it was assembled for malicious purposes. Cybernews says the cluster resembles what data brokers usually build, since it was highly organized and thoroughly segmented.
Since it was open for three weeks, it is possible that it was picked up by threat actors in the meantime.
“Despite the short exposure window, the scale of the dataset means that automated scraping during this period could have resulted in widespread secondary dissemination,” the researchers said.
The data belongs mostly to people in mainland China, but victims are scattered across multiple Chinese provinces.
The database may have been open for mere weeks, but it probably took far longer to harvest all of it. Apparently, this wasn’t done in one pass, and the data was likely scraped from different sources.
“The presence of timestamps and import dates points to a long-running aggregation effort rather than a single historical breach,” the team explained.
Investigators managed to identify the provider that hosted the cluster. It is a bulletproof hosting company, “commonly associated with high-risk or non-compliant data operations.” After being notified, the provider appears to have locked the database down.