A massive online database apparently containing the personal information of up to one billion Chinese citizens was left unsecured and publicly accessible for more than a year – until an anonymous user in a hacker forum offered to sell the data and brought it to wider attention.
The leak could be one of the biggest ever recorded in history, cybersecurity experts say, highlighting the risks of collecting and storing vast amounts of sensitive personal data online – especially in a country where authorities have broad and unchecked access to such data.
The vast trove of Chinese personal data had been publicly accessible via what appeared to be an unsecured backdoor link – a shortcut web address that offers unrestricted access to anyone with knowledge of it – since at least April 2021, according to LeakIX, a site that detects and indexes exposed databases online.
The Shanghai government and police department did not respond to repeated written requests for a comment.
The seller also claimed the unsecured database had been hosted by Alibaba Cloud, a subsidiary of Chinese e-commerce giant Alibaba. When reached by CNN for comment on Monday, Alibaba said “we are looking into this” and would communicate any updates. On Wednesday, Alibaba said it declined to comment.
China is home to 1.4 Billion people, which means the data breach could potentially affect more than 70% of the population.
In the United States, a breach of the same proportion would affect approximately 235 Million people.
In Canada, a breach of this magnitude would impact roughly 27 Million people.
Key Takeaways:
1) Store Sensitive Data & Information Securely.
Using properly encrypted P2P or End-to-end encryption FTP’s can be a good start. Information storage location is another factor to consider when hosting or collecting otherwise sensitive data. Multi-Factor Authentication and setting up Possible Breach Notifications are also great security measures.
2) Vulnerabilities will be Exploited.
Ransomware and Extorsion prey on all types of businesses. These targeted attacks happen when an organization has something of value. It could be R&D documents, Patient Data, or Financial information. If attackers are successful in retrieving the information they are after, then they can use it against you and your organization. Hackers can ask for money, in exchange for not releasing the information and once payment is made, they could release the information anyway.
3) One Breach could affect Millions of people.
Global Payments, a third-party credit card transaction processor released a statement admitting its security defenses were breached by hackers. The attack left more than 1 Million people exposed and vulnerable to fraud. Hackers attacked a pipeline that serviced credit card transactions. The scary part; these attacks are becoming increasingly common.
4) Proper Cybersecurity protocols will save your Business.
The cost of hiring Omni Evolutions to provide Cybersecurity services is nothing compared to the cost of losing your business altogether. In business, your reputation is everything. A data breach is a surefire way to lose all confidence clients and investors have in your organization.
We didn’t invent the term “fools with tools.” Still, it’s a perfect definition for the practice of buying a stack of sophisticated cybersecurity technology that’s impossible to manage without an MSP or the budget of a Fortune 500 IT department.
Comments are closed.