A massive online database in China apparently containing the personal data of up to one billion Chinese citizens was left unsecured and publicly accessible possibly for more than a year.

Those personal data was collected by the Shanghai police and stored in a database had been hosted by Alibaba Cloud. Both Alibaba and Shanghai police did not aware of this possibly data leak until last week. An anonymous user in a hacker forum offered to sell the data for 10 bitcoin and brought it to wider attention.

The anonymous user claimed the data included names, address, mobile numbers, national ID numbers, ages, birthplaces, and billions of records of phone calls made to police to report on civil disputes and crimes. As China is home to 1.4 billion people, the data breach of 1 million personal data could potentially affect more than 70% of the population. This would be the largest leak of public information by far.

The database which did not require a password possibly was shut down already. However, it is unclear how many people have accessed or downloaded the database during the 14 months of more. Experts are worried that this personal data leak might lead to extortion. Extortion of individual will often happen after data leaks. Hackers can even try to ransom individual using the leaked information.

 

Image source: https://cdn.cnn.com/cnnnext/dam/assets/220422142130-02-cyber-attack-cellphone-stock-exlarge-169.jpeg