Jul 07, 2022 12:30:00

It turns out that the personal information of 1 billion people leaked from the Shanghai police was disclosed without a password for over a year

Regarding

the case where 24 TB of personal information equivalent to 1 billion people was stolen from the Shanghai police database, it was found that the information in the database was accessible without a password for over a year.

CNN.co.jp: Personal information leaked from 1 billion people in China, left unattended for over a year Police criminal records
https://www.cnn.co.jp/tech/35190030.html

China's personal information leaked, data left open for over a year-WSJ
https://jp.wsj.com/articles/china-police-database-was-left-open-online-for-over-a-year-enabling-leak-11657151735

It has been pointed out that the database in question does not require any password or other input via a backdoor link accessible to anyone who knows the address, and is visible to anyone since at least April 2021. It was said that it had continued for more than a year until around June 2022.

Vinnie Troia, the founder of dark web information company Shadowbyte , told CNN and The Wall Street Journal in April 2021 that the database was accessible and could be viewed by registering for an account. 'It's hard to believe that we've left such a huge amount of data unprotected,' he said.

In 2019, Troy also discovered a database that stored 1.2 billion pieces of personal information in a state that anyone could access.

It turns out that 1.2 billion people's personal information was stored on an online server in a state accessible to anyone --GIGAZINE