The leaked information was in a database belonging to a company dedicated to the development of security and surveillance software
Network security and ethical hacking
specialists from the International Institute of Cyber Security report the
finding of an unsecured database, an incident that exposed personal details of
more than 2 million Chinese
residents.
The Chinese government has been targeted for
criticism, among other reasons, due to the use of facial recognition cameras to
monitor the movements of millions of Uighur settlers in Xinjiang province.
Network
security
experts revealed the leak in recent days. The database found included names,
citizen identity numbers, dates of birth, and other personal details.
“There is a Chinese company called
SenseNets, dedicated to the development of security software based on
artificial intelligence to perform facial recognition, crowd analysis and identity
verification. Anyone can access their commercial IP and millions of accumulated
records of this information-gathering work”, says one of the research
specialists.
According to experts, the database contains
more than 2.5 million records of people; the database would have remained
exposed around 24 hours continuous, the experts added.
The original database was left exposed without
a single authentication measure; network security specialists say that, so far,
SenseNets’s attempts to mitigate the incident have proved fruitless.
“Although the SenseNets teams tried to update
their Windows server 2012 software, they shut down the firewall in the process,
leaving their MongoDG and MySQL server vulnerable to new account”, commented
the experts.
Specialists warn that although this leaked
information is blocked for most users outside of Chinese territory, the
material is accessible from within the country. “With a Chinese proxy it’s easy
to access the database”.
In addition to being a serious information
security problem, this incident is another example of the strict surveillance
policy implemented by Xi Jinpin’s Government, who is willing to spy every
detail of the existence of the people considered as risky for China’s security.
Some experts have shown their concern at how
often these incidents occur: “Sometimes most of the data found in these bases
is not so valuable. However, when details are also found as citizen
identification numbers, detailed profiles of the affected people can be
elaborated, which is very useful in various malicious activities, such as
identity fraud”, concluded the experts.
