In a startling revelation, researchers from CyberNews have uncovered an unprotected server containing a treasure trove of data, compromising 1.5 billion records linked to major brands like Weibo, DiDi, and JD.com. The leaked database, which included sensitive Personally Identifiable Information (PII), raises significant concerns about cybersecurity practices worldwide.
Table of Contents
What Was Exposed?
The data breach encompassed a vast array of PII, including:
- Full names
- Email addresses
- Financial information
- Healthcare records
- Phone numbers
Among the exposed records:
- QQ Messenger was responsible for the largest dataset.
- Weibo accounted for 504 million records, although many appear to be from previous leaks.
- JD.com (Jingdong), a major Chinese e-commerce company, had 142 million records, making it the largest dataset in the breach with no prior major leaks.
While some data appears to have been recycled from older breaches, researchers confirmed that much of it was newly compromised.
A Server Open for Months
The exposed database was hosted on an Elasticsearch server and remained unprotected for several months. Despite multiple disclosure attempts, it was only recently closed.
