
 1 year ago
source link: https://yro.slashdot.org/story/22/07/06/1758242/china-police-database-was-left-open-online-for-over-a-year-enabling-leak

China Police Database Was Left Open Online for Over a Year, Enabling Leak

What is likely one of history's largest heists of personal data -- and the largest known cybersecurity breach in China -- occurred because of a common vulnerability that left the data open for the taking on the internet, say cybersecurity experts who discovered the security flaw earlier this year. WSJ: The Shanghai police records -- containing the names, government ID numbers, phone numbers and incident reports of nearly 1 billion Chinese citizens -- were stored securely, according to the cybersecurity experts. But a dashboard for managing and accessing the data was set up on a public web address and left open without a password, which allowed anyone with relatively basic technical knowledge to waltz in and copy or steal the trove of information, they said. "That they would leave this much data exposed is insane," said Vinny Troia, founder of dark web intelligence firm Shadowbyte, which scans the web for unsecured databases and found the Shanghai police database in January.

The database stayed exposed for more than a year, from April 2021 through the middle of last month, when its data was suddenly wiped clean and replaced with a ransom note for the Shanghai police to discover, according to Bob Diachenko, owner of the cybersecurity research firm SecurityDiscovery, which similarly found the database -- and later the note -- through its periodic web scans earlier this year. "your_data_is_safe," the ransom note read, according to screenshots provided by Mr. Diachenko. "contact_for_your_data...recovery10btc," meaning the data would be returned for 10 bitcoin, roughly $200,000. The ransom amount matches the price that an anonymous user began asking for last Thursday on an online cybercrime forum in exchange for access to a database the user claimed contained billions of records of Chinese citizens' information stolen from a Shanghai national police database.
