Major leak exposes 1.5 billion Weibo, DiDi, Shanghai Communist Party, and others' records
The Cybernews research team recently discovered one of the largest data leaks mainly involving Chinese nationals. One unknown server exposed 1.5 billion records of users' sensitive data, such as full names, government ID numbers, and more.
The unprotected server, which contains hundreds of millions of records, houses data from several major brands, such as JD.com, Weibo, DiDi, various Chinese banks, and many others.
Cybernews researchers believe the dataset is likely a mix of known and completely new data leaks collated on a single now-closed Elasticsearch server. While not all 1.5 billion records were exposed for the first time, some undoubtedly were, as we've found no indication of previous data leaks from companies included in the list.
“Saying the magnitude of this leak is alarming is an understatement. The leaks' volume alone is mind-boggling. Worse so, the exposed server had data from essential sectors like healthcare and finance, amplifying the potential harm,” Cybernews researchers said.
Because the database's owner remains unknown, the leak raises serious concerns about data privacy and security.
Key findings:
• While nearly 1.5 billion records were exposed, that doesn't mean the same number of individuals had their details leaked online. Since details come from different platforms, organizations, and economic sectors, some users may have had their data leaked several times.
• The largest number of identifiable records were grouped in a collection credited to QQ messenger, Tencent's instant messaging software.
• The second largest collection of leaked records, 504 million, was credited to Weibo, sometimes called China's Twitter.
• The instance our team discovered exposed a whopping 142 million JD.com records.
• The third largest exposed dataset, with over 25 million records, was credited to China's largest courier service, SF Express.
• The team discovered tens of thousands of leaked records titled Sichuan Nurse, another million titled Doctor and Patient, and 400k more credited to pharmacies.
• Collections like Securities (243k), China Provident Fund (531k), China Union Pay Users (1.1 million), China Merchants Bank (1 million), Bank of China (985k), as well as a collection named Cryptocurrency (100k), strongly suggest a massive financial data exposure.
• The collection of Zhejiang Student Records (9 million) and Graduate data (366k) points to the exposure of educational data likely involving millions of Chinese students.
• There's also the addition of the Zhilian collection (1.1 million), which likely refers to Zhillian Technology, an automotive R&D company.
• 2.6 million records were credited to vehicle owners, and another 3.5 million were credited to an unnamed driving school, pointing to the server owners' interest in Chinese motorists.
• Another 65k records were attributed to customers of an unknown mobile carrier, residents of Beijing (196k), KFC China (5 million), and Household registration data (5.4 million).
• Some collections were ominously dubbed ‘friendly nations’ (313k) and ‘data of multiple neighboring countries’ (2 million), signaling at least some level of political motivation for whoever's behind the dataset.
• The inclusion of 1.6 million records in a collection titled The Communist Party of Shanghai only strengthened the impression.
• Another 74 million records were included in collections whose names we could not reliably translate or that were named using random collections of numbers and letters.
What data was exposed?
• Full names
• Email addresses
• Platform ID numbers
• Usernames
• Phone numbers
• Healthcare data
• Financial records
• Transportation-related details
• Education-related records