One of the largest data leaks in recent history has exposed a staggering 1.5 billion records, affecting major Chinese platforms, financial institutions, and even government-related entities. The unprotected dataset, discovered by Cybernews researchers, contains sensitive details, including full names, government ID numbers, phone numbers, financial records, and healthcare data.
The leaked records originate from multiple high-profile sources, including Weibo, China’s largest social media platform, and DiDi, the country’s top ride-hailing service. Other affected entities include major banks, telecommunications providers, courier services, and even the Shanghai Communist Party.
Researchers believe this dataset is a compilation of both known and previously undisclosed breaches, aggregated on an Elasticsearch server. The sheer volume and diversity of data suggest malicious intent, as large-scale leaks like this can fuel identity theft, targeted phishing attacks, and unauthorized financial access.
Among the most alarming aspects of the leak is the presence of highly sensitive financial and healthcare data. The dataset includes 504 million records tied to Weibo, 25 million from SF Express (China’s largest courier service), and over 142 million from JD.com, a major e-commerce platform that had no previously known breaches.
In addition to personal and corporate data, the dataset contains politically sensitive records. A collection labeled “The Communist Party of Shanghai” includes 1.6 million records, while others titled “Friendly Nations” and “Data of Multiple Neighboring Countries” hint at potential geopolitical implications.
Though the exposed server was eventually taken offline after multiple alerts to China’s CERT, the scale of this breach highlights the persistent risks of mass data aggregation. As cybersecurity experts analyze the impact, this incident could rank among the largest known data leaks in history, second only to the infamous Shanghai National Police breach.
Advertisement
