Largest Data Leak in China - Comments and Insights from Acronis - GADGET-INNOVATIONS

The recent trending news on the largest data leak in China
The comments below are from Stas Protassov, Acronis co-founder and Technology President.

1. What kind of data was available for sale on the forum?

A: The cybercriminals offered a full dump of the database containing 24TB of personal information; the asking price is 10 Bitcoins, which is currently around $200K.

The sample has 3 types of data: personal info file, phone location data (or owner’s address) along with phone numbers, and what seems like a police incident or criminal case registry – with location and short incident description.

The majority of what is said to be criminal case information is minor incidents bordering on public offense, like: “Police was called to a scene of ‘There was a fight at the gate of the (redacted by Acronis) Zhujing Town, Jinshan District. Disputes to be mediated by the agency’”, or “Water meter has been stolen. Police made a record”, or “The person who called the police was driving a car and accidentally scratched the left side of the vehicle”. Unfortunately, these records do refer to the people involved, so it could be damaging to some of those people.



2. How can organizations with customers/operations in China safeguard against potential attacks due to the data leak?

A: This information could be used to personalize future attacks, such as spear phishing, or to commit fraud in the name of the victims. Organizations and individuals should be vigilant of malicious emails or text messages in the near future and monitor for any fraud activity.

3. Does the leak potentially have a greater impact in China as the government requires authentic/legitimate personal identification details for service registration (such as social media platforms)?

A: It is fairly unlikely that the data on its own is enough to take over the identification services, but it could lead to phone swapping or other identity fraud activity which could then lead to negative scoring in social media platforms.

News of such leaks is quite common, but this one is unique – because it's big and because it proves that no one, not even IT administrators in China, is immune to making mistakes.

4. Can you confirm the leak was due to a government employee/developer accidentally posting credentials on CSDN?

A: There was indeed a blog post by a developer on CSDN which contained access credentials – this might have been the entry point for the attacker. It’s not possible to confirm the attack vector without access to the organization’s log files, but it is a very likely scenario.

Based on the ID format, we can say with some confidence that it looks like an Elasticsearch dump – again, it’s unclear whether it was due to the leaked credentials, or if it was badly configured to begin with. Most commonly, this kind of leak happens when someone leaves an unauthenticated Elastic instance available from the Internet.
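To make the misconfiguration described above concrete, here is an added example (not part of the Acronis commentary) showing an elasticsearch.yml that reproduces the exposed pattern next to a hardened version of the same single-node setup; the certificate paths are placeholders assumed for the example.

```yaml
# elasticsearch.yml - EXPOSED pattern (for illustration only, do not deploy).
# The node listens on every interface and authentication is switched off, so
# any client that can reach TCP 9200 can read every index with GET /_search.
# Elasticsearch 7.x runs with security off unless it is enabled explicitly;
# 8.x enables it by default.
network.host: 0.0.0.0
http.port: 9200
discovery.type: single-node
xpack.security.enabled: false
---
# elasticsearch.yml - HARDENED configuration for the same single node.
# Keystore/truststore paths are placeholders (assumed for this example).
network.host: 127.0.0.1           # loopback only; expose via VPN or an authenticating reverse proxy
http.port: 9200
discovery.type: single-node

xpack.security.enabled: true                        # every REST call must authenticate
xpack.security.http.ssl.enabled: true               # TLS on the REST API so credentials are not sent in clear
xpack.security.http.ssl.keystore.path: certs/http.p12              # placeholder path
xpack.security.transport.ssl.enabled: true          # TLS between nodes as well
xpack.security.transport.ssl.verification_mode: certificate
xpack.security.transport.ssl.keystore.path: certs/transport.p12    # placeholder path
xpack.security.transport.ssl.truststore.path: certs/transport.p12  # placeholder path
```

After enabling security, built-in users still need passwords (bin/elasticsearch-setup-passwords on 7.x, bin/elasticsearch-reset-password on 8.x); a simple check from the host is that an unauthenticated request to port 9200 now returns HTTP 401 instead of the cluster banner.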

5. Any screenshots of the data that’s for sale on any of the online forums?

A: Picture attached in email

6. Any other comments that you have?

A: Unfortunately, with the growing complexity of IT infrastructure we are seeing more and more of these large data breaches – cases where access control was not managed adequately, especially with large cloud databases and data buckets. This case will not remain “the largest data leak in history” for long.

Personal info leaked – list of fields in the personal info file for a typical record:
BPLACE (birth place, refers to a location)
EDEGREE (education degree)
ESCU (seems to be work occupation)
HHPLACE (residential address)
IDNO (seems to be government ID)
MARR (marital status)
NATION (nationality)
NPLACE (reference to a city)
QUERY_STRING (reference to an address)