Researchers are Safety Detective recently found a data leak (over 899gb and growing by the day) of a China-based server, which has now been closed.

We are unable to confirm the company behind the leak, but according to the data, it appears to most likely be a marketing agency for mobile apps.

The Elastic server exposed publicly sensitive information of Chinese citizens. A simple search resulted in credit evaluation reports, which contained:

  • Loan records and details
  • Risk management data
  • Real ID numbers
  • Personal details
    • Name
    • Address
    • Contact number
  • Device data – over 4.6 million unique entries
    • GPS location
    • Detailed list of contacts
    • SMS logs
    • IMSI numbers
    • IMEI numbers
    • Device model/version
    • Stored app data
    • Memory data
  • Operator reports
  • Transaction details
  • Mobile billing invoices
    • Full names
    • Phone numbers
    • Bill amount per month
    • Call log
    • Credit and debit card details
  • Concentrated list of apps on each mobile device
  • Detailed tracking of app behavior
    • Device information
    • Device location
    • Launch & exit times
    • Duration on the content, etc.
  • Passwords with MD5 encryption, which can be decoded

According to the report user’s activity is being tracked, in detail. Including their IP address and duration of a given activity, call logs, SMS exchanges (including content of the SMS), and the various apps installed on the devices are all within the scope of data made available by this leak.

Have something to say about this article? Comment below or share it with us on Facebook, Twitter or our LinkedIn Group.