China Police Database Was Left Open Online for Over a Year, Enabling Leak

China Police Database Was Left Open Online for Over a Year, Enabling Leak (wsj.com)

Posted by msmash from the closer-look dept.

What is likely one of history’s largest heists of personal data — and the largest known cybersecurity breach in China — occurred because of a common vulnerability that left the data open for the taking on the internet, say cybersecurity experts who discovered the security flaw earlier this year. WSJ: The Shanghai police records — containing the names, government ID numbers, phone numbers and incident reports of nearly 1 billion Chinese citizens — were stored securely, according to the cybersecurity experts. But a dashboard for managing and accessing the data was set up on a public web address and left open without a password, which allowed anyone with relatively basic technical knowledge to waltz in and copy or steal the trove of information, they said. “That they would leave this much data exposed is insane,” said Vinny Troia, founder of dark web intelligence firm Shadowbyte, which scans the web for unsecured databases and found the Shanghai police database in January.

The database stayed exposed for more than a year, from April 2021 through the middle of last month, when its data was suddenly wiped clean and replaced with a ransom note for the Shanghai police to discover, according to Bob Diachenko, owner of the cybersecurity research firm SecurityDiscovery, which similarly found the database — and later the note — through its periodic web scans earlier this year. “your_data_is_safe,” the ransom note read, according to screenshots provided by Mr. Diachenko. “contact_for_your_data…recovery10btc,” meaning the data would be returned for 10 bitcoin, roughly $200,000. The ransom amount matches the price that an anonymous user began asking for last Thursday on an online cybercrime forum in exchange for access to a database the user claimed contained billions of records of Chinese citizens’ information stolen from a Shanghai national police database.

Optimization hinders evolution.


Related Articles

Back to top button