Data Security, Patch/Configuration Management

Misconfiguration exposes billions of Chinese records

concept of leaky software, data with a tap sticking out.3d illustration

Cybernews reports that more than 8.7 billion Chinese records have been spilled by an unprotected Elasticsearch cluster in what is among the largest exposures in the open-source distributed search and analytics engine.

Apart from leaking personally identifiable information, including names, birthdates, home addresses, and national ID numbers, the misconfigured database whose ownership remains uncertain also exposed social media identifiers, usernames, and other account and platform details, as well as plaintext credentials and corporate and business records that may have been obtained as part of a long-term data aggregation initiative, according to Cybernews researchers.

"This exposure demonstrates how large-scale personal data aggregation can persist outside regulatory oversight when hosted in permissive environments. Even without a confirmed owner, the dataset represents a systemic privacy risk affecting potentially hundreds of millions of individuals," said researchers, who noted that the database has since been secured. Such a discovery comes months after more than 500 GB of Great Firewall of China-related documents were exposed by an anonymous threat actor.

Get daily email updates

SC Media's daily must-read of the most current and pressing daily news

By clicking the Subscribe button below, you agree to SC Media Terms of Use and Privacy Policy.

You can skip this ad in 5 seconds