A massive online database apparently containing the personal information of up to one billion Chinese citizens was left unsecured and publicly accessible for more than a year – until an anonymous user in a hacker forum offered to sell the data and brought it to wider attention last week.

The leak could be one of the biggest ever recorded in history, cybersecurity experts say, highlighting the risks of collecting and storing vast amounts of sensitive personal data online – especially in a country where authorities have broad and unchecked access to such data.

The vast trove of Chinese personal data had been publicly accessible via what appeared to be an unsecured backdoor link – a shortcut web address that offers unrestricted access to anyone with knowledge of it – since at least April 2021, according to LeakIX, a site that detects and indexes exposed databases online.

Access to the database, which did not require a password, was shut down after an anonymous user advertised the more than 23 terabytes (TB) of data for sale for 10 bitcoin – roughly $200,000 – in a post on a hacker forum last Thursday.

The user claimed the database was collated by the Shanghai police and contained sensitive information on one billion Chinese nationals, including their names, addresses, mobile numbers, national ID numbers, ages and birthplaces, as well as billions of records of phone calls made to police to report on civil disputes and crimes.

A sample of 750,000 data entries from the three main indexes of the database was included in the seller’s post. CNN verified the authenticity of more than two dozen entries from the sample provided by the seller, but was unable to access the original database.

The Shanghai government and police department did not respond to CNN’s repeated written requests for comment.

The seller also claimed the unsecured database had been hosted by Alibaba Cloud, a subsidiary of Chinese e-commerce giant Alibaba. When reached by CNN for comment on Monday, Alibaba said “we are looking into this” and would communicate any updates. On Wednesday, Alibaba said it declined to comment.

But experts CNN spoke with said it was the owner of the data who was at fault, not the company hosting it.

“As it stands today, I believe this would be the largest leak of public information yet – certainly in terms of the breadth of the impact in China, we’re talking about most of the population here,” said Troy Hunt, a Microsoft regional director based in Australia.

China is home to 1.4 billion people, which means the data breach could potentially affect more than 70% of the population.

“It’s a little bit of a case where the genie is not going to be able to go back in the bottle. Once the data is out there in the form it appears to be now, there’s no going back,” said Hunt.

It is unclear how many people have accessed or downloaded the database during the 14 months or more it was left publicly available online.

Two Western cybersecurity experts who spoke to CNN were both aware of the existence of the database before it was thrust into the public spotlight last week, suggesting it could be easily discovered by people who knew where to look.

Vinny Troia, a cybersecurity researcher and founder of dark web intelligence firm Shadowbyte, said he first discovered the database “around January” while searching for open databases online.

“The site that I found it on is public, anybody (could) access it, all you have to do is register for an account,” Troia said.

“Since it was opened in April 2021, any number of people could have downloaded the data,” he added.

Troia said he downloaded one of the main indexes of the database, which appears to contain information on nearly 970 million Chinese citizens.