Sun. Dec 8th, 2019

The largest data breach event: personal and social information of 1.2 billion people leak

2 min read

A few days ago security researchers from Data Viper discovered a publicly accessible server that contained an alarming 4TB database. The analysis found that this huge database actually contains up to 4 billion user account data, and after deduplication, it found that the total amount record involved up to 1.2 billion natural persons. This level of the database also made this security incident the largest leak in history, and the leaked data far exceeded Yahoo and Facebook’s analysis of the incident.

USPS Site Exposed Data

The security personnel conducted a random inspection of the data and found that the database contains various information such as the user’s account number, name, nickname, email address, and phone number. In addition, the database was also found to capture the user’s Facebook dynamic analysis of privacy behaviors, grab the workplace social platform LinkedIn data analysis user’s work and other information. The database does not contain certain key information such as the user’s account password or home address, and financial information such as credit cards are not included. However, this database also records very private information such as the number of users, financial or income platforms, religious preferences, etc. obtained through data analysis or capture. If the black gang gets the data, it can still be used for phishing scams, and spammers can be used to promote advertising content.

This multi-dimensional analysis and record user’s database is publicly stored on Google’s cloud computing platform, and users can directly retrieve or download the database. After the security personnel contacted Google’s cloud computing platform, the company dropped the server but based on privacy considerations, Google did not disclose which company these servers belong to. It is worth noting that before the security personnel discovered the database, the server has been exposed to the public network for a long time, so it is difficult to say whether the data has been stolen.