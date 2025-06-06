Over 4 billion user records leaked in "largest breach ever" - here's what you need to know
Billions of documents containing sensitive data exposed online
- A huge dataset has been discovered unsecured online by researchers
- This contained roughly 4 billion records - including personal information
- The data could potentially be part of a surveillance effort targeting Chinese citizens
An open instance containing "billions upon billions” of exposed records has been discovered online by cybersecurity researchers - and millions of people could be at risk as a result.
Researcher at Cybernews worked with cybersecurity researcher and owner of cyber risk and data protection site SecurityDiscovery.com to uncover a huge database without a password, leaking 631GB of information, equating to roughly 4 billion records.
The dataset primarily consists of Chinese customers and users from a range of different sources, in what the Cybernews research teams believed is a “meticulously gathered and maintained” database designed to build “comprehensive behavioral, economic, and social profiles of nearly any Chinese citizen.”
A surveillance effort
This could be part of a surveillance project, researchers argue, and there are plenty of ways that a threat actor could exploit this information, such as social engineering attacks, identity theft, fraud or even blackmail.
“The sheer volume and diversity of data types in this leak suggests that this was likely a centralized aggregation point, potentially maintained for surveillance, profiling, or data enrichment purposes,” the team observed.
The instance was “”quickly taken down” after it was discovered, but it’s not known how long it was open for. Unsurprisingly for suspected surveillance data, the information contains PII like full names, dates of birth, and phone numbers, as well as financial data like card numbers, debt and saving information, and spending habits.
The largest collection of records most likely came from WeChat, a Chinese alternative to WhatsApp, with over 805 million records exposed.
Close behind was a collection of residential data “with geographic identifiers” with 780 million, and a collection named “bank” of 630 million records, primarily with financial and personally identifiable information.
If this data breach is as large as it seems, it contains over a billion records more than the National Public Data breach, which was recently reported as one of the largest data breaches ever.
