Massive Chinese data breach allegedly spills 8.7 billion records - here's what we know
Someone kept a gigantic database unlocked on the internet
- Exposed Elasticsearch cluster leaked 8.7 billion records of Chinese individuals and businesses
- Data included PII, plaintext passwords, and corporate registration details
- Cluster likely run by data brokers; hosted on bulletproof provider, now locked down after discovery
One of the largest data leaks ever to happen in China has been detected after security researchers from Cybernews reported coming across an exposed Elasticsearch cluster that contained more than 160 indices.
These indices held approximately 8.7 billion records, primarily of Chinese individuals.
The records contained all sorts of personally identifiable and sensitive data, including names, addresses, phone numbers, birth dates, gender information, social media identifiers, and plaintext passwords. They also contained various corporate and business records such as company registration details, legal representatives, business contact information, and registration addresses and licensing metadata.
Long-running aggregation effort
The researchers could not determine who owns the database, so there is no confirmation of whether it was assembled for malicious purposes. Cybernews says the cluster resembles the work of data brokers, since it was highly organized and thoroughly segmented.
Since it was open for three weeks, it is possible that threat actors picked it up in the meantime.
“Despite the short exposure window, the scale of the dataset means that automated scraping during this period could have resulted in widespread secondary dissemination,” the researchers said.
The data belongs mostly to people in mainland China, with victims scattered across multiple Chinese provinces.
The database may have been open for mere weeks, but it probably took far longer to assemble. It was apparently not collected in a single sweep; the data was likely scraped from different sources over time.
“The presence of timestamps and import dates points to a long-running aggregation effort rather than a single historical breach,” the team explained.
Investigators managed to identify the provider that hosted the cluster: a bulletproof hosting company “commonly associated with high-risk or non-compliant data operations.” After being notified, the provider appears to have locked the database down.
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.