Data security specialists at security firm Safety Dectectives & CNET have discovered a massive data breach (almost 900 GB of compromised information) originating from a server established in China; the exposed server has already been shut down.
The exposed server is an Elastic implementation
and exposes the personal information of millions of Chinese citizens. The
experts, led by renowned researcher Anurag Sen, discovered that the information
exposed was collected and stored by more than 100 app developers, mainly money
loans services in the Asian country.
According to the experts in data protection,
among the compromised personal information highlight scanty details such as:
- Users’
credit history - Financial
risk management information - Personal
identity numbers - Full
names - Address
- Contact
details (phone number, email, etc.)
In addition to personal details, experts also
found that the server stored information about the devices used by these apps’
clients, such as smartphone manufacturer and model, contact list, location
details, IP address, IMEI
numbers, mobile network operator, among other data.
Data protection specialists consider this
database to be a sample of the invasive tracking activities that companies
perform on a daily basis on technology users. Of course, all this information is
not only useful for tech and marketing companies interested in selling us a new
smartphone or things like that, but they are also a favorite target for hacker
groups dedicated to various activities such as identity fraud.
One particularly disturbing thing about this
finding is the fact that the operators of these databases are loan-offering
apps, as the activity history of these applications is also recorded online,
which could negatively influence the financial plans of affected users. In
addition, just as in other similar incidents, this huge database may already be
available for purchase or sale on dark web forums.
Due to weak security measures in many companies
that provide online services, specialists from the International Institute of
Cyber Security (IICS) believe that the best option to protect your personal
information is still the prevention. By protecting our data in the best
possible way, unreliable companies or groups of malicious actors are less
likely to have access to sensitive details.
