Massive Data Leak Exposes Over 1.2 Billion Chinese Citizens’ Personal Information

On May 6, the Cybernews research team discovered an enormous dataset on the internet containing personal information belonging exclusively to Chinese citizens. The volume of data has already exceeded 1.2 billion records and continues to grow.

The first entry in this archive was added on April 29, and within a week, the dataset expanded to 1,230,703,487 records. The leak, totaling approximately 100 gigabytes, primarily consists of phone numbers but also includes other sensitive information such as home addresses and identification numbers.

Most of the data was aggregated from previously leaked public databases, but unique and previously unseen datasets are also present. Researchers suggest that an organized group with potentially malicious intentions is behind this data collection.

What does the leak contain?

  • 668,304,162 records including QQ account numbers and phone numbers. QQ is an extremely popular social networking app in China, similar to WhatsApp.
  • 502,852,106 records containing Weibo account identifiers and phone numbers. Weibo is a Chinese microblogging platform, akin to a hybrid of Twitter and Facebook.
  • 50,557,417 records from the ShunFeng database, including phone numbers, names, and addresses. ShunFeng provides logistics/courier services in China.
  • 8,064,215 records in the Siyaosu dataset, revealing names, phone numbers, addresses, and identification numbers.
  • 746,310 records from Chezhu, containing names, phone numbers, email addresses, home addresses, and identification numbers.
  • 100,790 records from Pingan, including names, phone numbers, email addresses, home addresses, ordered services, card numbers, and insurance payout amounts. Pingan is an insurance company in China.
  • 78,487 records in the Jiedai sub-dataset, including names, phone numbers, home addresses, identification numbers, workplaces, education details, and partners’ names and phone numbers.

All this data is stored on servers in Germany, and the Kibana interface used to view the data is set to simplified Chinese, which hints at the administrator’s origin.

Potential dangers

Despite the absence of passwords in the leaked data, fraudsters could use this information to conduct large-scale fraudulent operations, including spam and phishing. Phone numbers, in particular, can be used for authentication or account recovery, increasing the risk of identity theft or unauthorized access.

Cybercriminals could also use the collected data for social engineering, attempting to gain trust and extract more sensitive information from victims.

Cybernews researchers have already informed the German cloud provider about the illegally stored data. Steps will likely be taken soon to secure the data. This breach is the second largest this year, surpassed only by the “Mother of All Leaks” collection, which includes 26 billion records.