China exposes millions of citizens’ data

The leaked information was in a database belonging to a company dedicated to the development of security and surveillance software

Network security and ethical hacking specialists from the International Institute of Cyber Security report the finding of an unsecured database, an incident that exposed personal details of more than 2 million Chinese residents.

The Chinese government has been targeted for criticism, among other reasons, due to the use of facial recognition cameras to monitor the movements of millions of Uighur settlers in Xinjiang province.

Network security experts revealed the leak in recent days. The database found included names, citizen identity numbers, dates of birth, and other personal details.

“There is a Chinese company called SenseNets, dedicated to the development of security software based on artificial intelligence to perform facial recognition, crowd analysis and identity verification. Anyone can access their commercial IP and millions of accumulated records of this information-gathering work”, says one of the research specialists.

According to experts, the database contains more than 2.5 million records of people; the database would have remained exposed around 24 hours continuous, the experts added.

The original database was left exposed without a single authentication measure; network security specialists say that, so far, SenseNets’s attempts to mitigate the incident have proved fruitless.

“Although the SenseNets teams tried to update their Windows server 2012 software, they shut down the firewall in the process, leaving their MongoDG and MySQL server vulnerable to new account”, commented the experts. 

Specialists warn that although this leaked information is blocked for most users outside of Chinese territory, the material is accessible from within the country. “With a Chinese proxy it’s easy to access the database”.

In addition to being a serious information security problem, this incident is another example of the strict surveillance policy implemented by Xi Jinpin’s Government, who is willing to spy every detail of the existence of the people considered as risky for China’s security.

Some experts have shown their concern at how often these incidents occur: “Sometimes most of the data found in these bases is not so valuable. However, when details are also found as citizen identification numbers, detailed profiles of the affected people can be elaborated, which is very useful in various malicious activities, such as identity fraud”, concluded the experts.