What is likely one of history’s largest heists of personal data—and the largest known cybersecurity breach in China—occurred because of a common vulnerability that left the data open for the taking on the internet, say cybersecurity experts who discovered the security flaw earlier this year.
The Shanghai police records—containing the names, government ID numbers, phone numbers and incident reports of nearly 1 billion Chinese citizens—were stored securely, according to the cybersecurity experts. But a dashboard for managing and accessing the data was set up on a public web address and left open without a password, which allowed anyone with relatively basic technical knowledge to waltz in and copy or steal the trove of information, they said.
“That they would leave this much data exposed is insane,” said Vinny Troia, founder of dark web intelligence firm Shadowbyte, which scans the web for unsecured databases and found the Shanghai police database in January.
Reposted from WSJ
PS. If you think this data is only the data from Chinese citizens, you are undoubtedly mistaken…