cross-posted from: https://lemmy.sdf.org/post/50394868

The exposed Elasticsearch cluster, which contained over 160 indices, held billions of primarily Chinese records, ranging from national citizen ID numbers to various business records. The massive leak is among the largest single Elasticsearch exposures ever recorded.
- Cybernews researchers discovered 8.7 billion exposed Chinese records on an unsecured Elasticsearch cluster, one of history’s largest data leaks.
- The leaked data includes national ID numbers, home addresses, plaintext passwords, and social media identifiers, creating severe identity theft risks.
- The exposed database remained publicly accessible for over three weeks before being closed, giving attackers ample time to scrape data.
- Researchers believe the dataset was intentionally aggregated on bulletproof hosting, suggesting data broker activity or malicious intent.
[…]
According to the team, the exposed data aggregates personal identifiers, contact information, government-style identifiers, online account references, and credentials at an unprecedented scale.
The geographic distribution of the leaked records is limited, predominantly focusing on mainland China, with regional metadata spanning multiple Chinese provinces and cities.
[…]
Personally Identifiable Information (PII):
- Full names
- Mobile phone numbers
- National ID numbers
- Home addresses
- Date and place of birth
- Gender and demographic attributes
Account and platform data:
- Messaging and social media identifiers
- Email addresses
- Usernames
- Platform-specific account references
Authentication data:
- Plaintext and weakly protected passwords in multiple datasets
Corporate and Business Records:
- Company registration details
- Legal representatives
- Business contact information
- Registration addresses and licensing metadata
Largest Chinese data leak: What are its implications?
Even though the 8.7 billion-record-strong dataset is no longer accessible, it was open for over three weeks, giving malicious actors ample time to scrape it. Our researchers believe attackers could utilize the data for multiple purposes.
For one, the exposed records included plaintext credentials, some with poorly protected passwords. This type of data is extremely useful for account takeovers, which give cybercriminals access to additional user details. Password information enables cybercrooks to carry out credential stuffing attacks, as users often reuse the same passwords for multiple accounts.
Another major risk for individuals is identity theft. Since the dataset included tremendous amounts of PII, together with national identifiers, malicious actors may attempt to set up fraudulent accounts. ID numbers are often the key metric that organizations and businesses demand upon setting up accounts.
[…]


How the turntables