Safety Detectives’ research team has recently discovered a sizeable data leak (over 899gb and growing by the day) of a China-based server, which has now been closed. We are unable to confirm the company behind the leak, but according to the data, it appears to most likely be a marketing agency for mobile apps. The provider of the server is Aliyun Computing Co., but they only rented the server to the company and are not otherwise involved or responsible for the leak.
What’s Being Leaked?
Led by Head of Research, Anurag Sen, our security research team has discovered a veritable treasure trove of data. With what seems to be data of more than 100 mostly loan-related apps, this is no insignificant breach of trust for the users of said applications. The Elastic server exposed publicly sensitive information of Chinese citizens.
A simple search finds us credit evaluation reports, which contain:
Loan records and details
Risk management data
Real ID numbers
Personal details
Name
Address
Contact number
Our team also found:
Device data – over 4.6 million unique entries
GPS location
Detailed list of contacts
SMS logs
IMSI numbers
IMEI numbers
Device model/version
Stored app data
Memory data
Operator reports
Transaction details
Mobile billing invoices
Full names
Phone numbers
Bill amount per month
Call log
Credit and debit card details
Concentrated list of apps on each mobile device
Detailed tracking of app behavior
Device information
Device location
Launch & exit times
Duration on the content, etc.
Passwords with MD5 encryption, which can be decoded
In the database, the data tells us that people’s activity is being tracked, in detail. ..
Support the originator by clicking the read the rest link below.
