TZUTC: -0500   
   MSGID: 2102.consprcy@1:2320/105 2deb25f1   
   PID: Synchronet 3.21a-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   TID: SBBSecho 3.28-Linux master/123f2d28a Jul 12 2025 GCC 12.2.0   
   BBSID: CAPCITY2   
   CHRS: ASCII 1   
   FORMAT: flowed   
   Massive Chinese data breach allegedly spills 8.7 billion records - here's what   
   we know   
      
   By Sead Fadilpa?i?    
      
   Someone kept a gigantic database unlocked on the internet   
      
    Exposed Elasticsearch cluster leaked 8.7 billion records of Chinese   
   individuals and businesses   
    Data included PII, plaintext passwords, and corporate registration details   
    Cluster likely run by data brokers; hosted on bulletproof provider, now locked   
   down after discovery   
      
   One of the largest data leaks ever to happen in China has been detected after   
   security researchers from Cybernews reported coming across an exposed   
   Elasticsearch cluster that contained more than 160 indices.   
      
   These indices held approximately 8.7 billion records, primarily of Chinese   
   individuals.   
      
   The records contained all sorts of personally identifiable and sensitive data,   
   including names, addresses, phone numbers, birth dates, gender information,   
   social media identifiers, and plaintext passwords. They also contained various   
   corporate and business records such as company registration details, legal   
   representatives, business contact information, and registration addresses and   
   licensing metadata.   
      
   Long-running aggregation effort   
      
   The researchers could not determine who the owner of the database is, so there   
   is no confirmation if this was a malicious act, or not. Cybernews says the   
   cluster resembles what data brokers usually do, since it was highly organized   
   and thoroughly segmented.   
      
   Since it was open for three weeks, it is possible that it was picked up by   
   threat actors in the meantime.   
      
   "Despite the short exposure window, the scale of the dataset means that   
   automated scraping during this period could have resulted in widespread   
   secondary dissemination," the researchers said.   
      
   The data belongs mostly to people in mainland China, but victims are scattered   
   across multiple Chinese provinces.   
      
   The database may have been open for mere weeks, but it probably took a lot   
   longer to harvest all of it. Apparently, this wasn't done in a single swoop,   
   and the data was likely scraped from different sources.   
      
   "The presence of timestamps and import dates points to a long-running   
   aggregation effort rather than a single historical breach," the team   
   explained.   
      
   Investigators managed to find the provider that hosted the cluster. It is a   
   bulletproof hosting company, "commonly associated with high-risk or   
   non-compliant data operations." After being notified, the provider locked the   
   database down, it seems.   
      
      
   https://www.techradar.com/pro/security/massive-chinese-data-breach-allegedly-sp   
   ills-8-7-billion-records-heres-what-we-know   
      
   $$   
   --- SBBSecho 3.28-Linux   
    * Origin: Capitol City Online (1:2320/105)   
   SEEN-BY: 105/81 106/201 128/187 129/14 305 153/7715 154/110 218/700   
   SEEN-BY: 226/30 227/114 229/110 134 206 300 307 317 400 426 428 470   
   SEEN-BY: 229/664 700 705 266/512 291/111 320/219 322/757 342/200 396/45   
   SEEN-BY: 460/58 633/280 712/848 902/26 2320/0 105 304 3634/12 5075/35   
   PATH: 2320/105 229/426