Massive Data Leak Exposes Over 1.2 Billion Records of Chinese Citizens

An unknown actor has been discovered building a massive compilation of breaches targeting Chinese individuals, with over 1.2 billion records already leaked online. The Cybernews research team uncovered this colossal dataset on May 6th, focused solely on citizens of China. The actor behind it likely misconfigured the Elasticsearch instance, leading to the data leak.

The COMB, or Compilation of Many Breaches, started growing recently and now contains personal data records of Chinese citizens, making up about 87% of the country’s population. Each record includes at least a phone number, with some also containing sensitive information like addresses and ID card numbers.

The dataset includes records from popular Chinese platforms like QQ and Weibo, as well as logistic services and insurance companies. The intent behind this massive data collection remains unclear, but the Cybernews research team warns of potential malicious activities like spear-phishing attacks and scams targeting Chinese citizens.

While the data does not include passwords, threat actors could still use it for social engineering attacks or identity theft. The researchers have informed the German cloud provider hosting the data about the illegal storage and open access to this sensitive information.

This discovery marks the second-largest leak this year, following the Mother of All Breaches collection. The Cybernews team advises individuals to be cautious as their personal information may be used for fraudulent activities in the future.