× Business
TelecomHealthcareDigital MarketingERPRetailMedia and EntertainmentOil and GasFood and BeveragesMarketing and AdvertisingBanking and InsuranceMetals and MiningLegalComplianceCryptocurrency
Big DataCloudIT ServiceSoftwareMobileSecurityNetworkingStorageCyber SecuritySAPData AnalysisloTBio TechQuality AssuranceEducationE-commerceGaming and VFXArtificial Intelligencescience-and-technology
Cisco DATABASE Google IBM Juniper Microsoft M2M Oracle Red hat Saas SYMANTEC
CEO ReviewCMO ReviewCFO ReviewCompany Review
Startups Opinion Yearbook Readers Speak Contact Us

Millions of users’ private chats were exposed online in China

siliconreview Millions of users’ private chats were exposed online in China

A database security failureleft over 300 million private messages exposed online in China on Saturdayaccording to Victor Gevers, a security researcher at the non-profit organization GDI. It exposed users’ personal data which can be seen by anyone who found the IP address. These messages belonged to popular messaging apps like WeChat and QQ. Each record contained personal information including Chinese citizen ID numbers, addresses,photos,GPS location data etc.

Moreover, the main database sent data back to several other remote servers. As per Gevers, the data apparently gets distributed to cities’ police stations. “There is no evidence that law enforcement is doing something active with this spoonfed data. But the infrastructure and well-planned data distribution are there,”he says. These were mostly chats by teenagers. Gevers even shared a few snippets of chats to Twitter after translating them. He also said that he had stopped that because he understands that people won’t appreciate if their chats are dug deep. 

Many users might be frequent visitors to Internet cafes as several chat records contained addresses to cafes. Internet cafes have often aimed for censorship in China. Officials have also asked cafes to install software to track users’ browsing activities.

While monitoring devices through Shodan, a search engine that allows checking internet-connected devices, the security researcher found about the failure. Apparently, someone had messed up with firewall configuration which left the database exposed. He informed the Chinese ISP to warn about the risks involved and also shared a few tips to keep the data secured.