A database security failureleft over 300 million private messages exposed online in China on Saturdayaccording to Victor Gevers, a security researcher at the non-profit organization GDI. It exposed users’ personal data which can be seen by anyone who found the IP address. These messages belonged to popular messaging apps like WeChat and QQ. Each record contained personal information including Chinese citizen ID numbers, addresses,photos,GPS location data etc.
Moreover, the main database sent data back to several other remote servers. As per Gevers, the data apparently gets distributed to cities’ police stations. “There is no evidence that law enforcement is doing something active with this spoonfed data. But the infrastructure and well-planned data distribution are there,”he says. These were mostly chats by teenagers. Gevers even shared a few snippets of chats to Twitter after translating them. He also said that he had stopped that because he understands that people won’t appreciate if their chats are dug deep.
Many users might be frequent visitors to Internet cafes as several chat records contained addresses to cafes. Internet cafes have often aimed for censorship in China. Officials have also asked cafes to install software to track users’ browsing activities.
While monitoring devices through Shodan, a search engine that allows checking internet-connected devices, the security researcher found about the failure. Apparently, someone had messed up with firewall configuration which left the database exposed. He informed the Chinese ISP to warn about the risks involved and also shared a few tips to keep the data secured.