Skip to content 
Financial data, WeChat and Alipay details among leaked information
Image:
The database contains information on everything from WeChat records to gambling history
A massive database left exposed in China has revealed sensitive information that may have been used to build profiles on Chinese citizens.
Researchers have discovered a 631GB database left exposed to the open internet, containing around 4 billion records on Chinese citizens.
Bob Dyachenko, owner of Security Discovery, and the team at Cybernews found the trove of personal information, which they believe was gathered and maintained to build comprehensive behavioural, economic and social profiles on Chinese citizens.
While the team doesn’t specifically say the database was owned by the Chinese Communist Party, they do note that one of this size and scope is most often linked to governments, threat actors or very dedicated security researchers.
They said, “The sheer volume and diversity of data types in this leak suggests that this was likely a centralised aggregation point, potentially maintained for surveillance, profiling, or data enrichment purposes.”
What was included?
The database held several collections of information, ranging from half a million to more than 800 million records from various sources.
The team managed to view 16 collections before the exposed database was taken down, which also stopped them from finding the identity of the owner.
The 16 collections viewed were “likely” named for the type of data they included. For example, the largest collection – of 805 million records – was named “wechatid_db” and was most likely pulled from Tencent-owned super app WeChat.
A separate collection, “wechatinfo,” probably held metadata, communication logs, or even user conversations.
The second-largest collection, of 780 million records, was “address_db” and contained residential data with geographic identifiers. The third-largest, of 630 million records, was simply called “bank”. This contained personal information tied to financial data, including payment card numbers, dates of birth, names and phone numbers.
Other collections held information from China’s other super app, Alipay, as well as gambling, vehicle registration, employment information, pension funds and insurance.
There was even a collection the researchers believe to have held information related to Taiwan, called “tw_db”.
Unfortunately, because of the lack of any identifiers pointing towards data ownership, those affected by the leak can do little to protect themselves – especially considering the data’s massive scope.
