The exposed instance was quickly taken down. This prevented the team from revealing the identity of the database’s owners. The largest collection, with over 805 million records, was named “wechatid_db,” which most likely points to the data coming from the Tencent-owned super-app WeChat.
The second largest collection, “address_db,” had over 780 million records containing residential data with geographic identifiers. The third largest collection, simply named “bank,” had over 630 million records of financial data, including payment card numbers, dates of birth, names, and phone numbers.
Possessing only these three collections would enable skilled attackers to correlate different data points to find out where certain users live and what their spending habits, debts, and savings are.
Another major collection in the dataset had a Mandarin name that roughly translates to “three-factor checks.” With over 610 million records, the collection most likely contained IDs, phone numbers, and usernames.
Meanwhile, a collection named “wechatinfo” contained nearly 577 million records. Since WeChat user IDs were stored in a separate collection, wechatinfo most likely had metadata, communication logs, or even user conversations.
Another 300 million records were stored in a collection named “zfbkt_db,” containing Alipay card and token information. Attackers could attempt to enable unauthorized payments, take over accounts, and steal users’ identities. Coupled with a smaller collection in the leak with 20 million records on Alipay-related financial data, this could spell disaster for users whose data was leaked.
More than 353 million records were unevenly distributed among nine more collections with data points on a very wide array of topics. Whoever owns the dataset has information on gambling, vehicle registration, employment, pension funds, and insurance. Researchers believe that one collection, named “tw_db,” contains Taiwan-related details.
The database consisted of numerous collections, ranging from half a million to over 800 million records gathered from various sources. One research team believes the dataset was meticulously compiled and maintained to build comprehensive behavioral, economic, and social profiles of nearly any Chinese citizen.