Security News > 2022 > July > How data on a billion people may have leaked from a Chinese police dashboard

How data on a billion people may have leaked from a Chinese police dashboard
2022-07-10 16:48

Details have emerged on how more than a billion personal records were stolen in China and put up for sale on the dark web, and it all boils down to a unprotected online dashboard that left the data open to anyone who could find it.

The data collection included names, addresses, birthplaces, national ID numbers, cellphone numbers, and details of any related police records.

Quick to jump in, Binance CEO Changpeng Zhao stated on Twitter the data was swiped after a government developer wrote a blog post on the Chinese Software Developer Network that, presumably accidentally, included the credentials necessary to access the information.

"The service leaking the data was an unprotected Kibana instance running on port 5601, the default Kibana port," LeakIX claimed.

If that's correct, it means if anyone scanned the internet for public-facing Kibana deployments, they would have eventually found this one in China.

If LeakIX is correct, the thief may have pulled the data from the unprotected public-facing Kibana instance or from the underlying public Elasticsearch cluster that Kibana provided a web interface for.


News URL

https://go.theregister.com/feed/www.theregister.com/2022/07/10/stolen_shanghai_police_data/

Related vendor

VENDOR LAST 12M #/PRODUCTS LOW MEDIUM HIGH CRITICAL TOTAL VULNS
Billion 2 0 1 6 3 10