A security researcher has discovered that hundreds of millions of private chat logs from Chinese users were exposed on the internet.
Victor Gevers of cybersecurity organization GDI Foundation revealed that he discovered a database of 364 million records that included social media profiles and chat logs linked to names and identity card numbers.
The database could be accessed online by anyone who searched for its IP address, and exposed photographs, addresses and locations. Gevers added that the main database was sending data to 17 other servers, depending on where it originated.
“It’s worrisome that these things appear online so easily. There are privacy worries, of course, if data like this is being exposed,” he said, according to The Financial Times.
The databases were secured after Gevers reported the issue. “Our biggest concern was to notify the owner as quickly as possible, and the internet service provider closed it down very quickly,” he said.
A large number of the records originated from web cafés, which Chinese cybersecurity experts have continually warned collect vast amounts of customer data.
Under Chinese law, these establishments must have the approval of the local police station and the local branch of the ministry of culture. In addition, several local governments have requested that the web cafés install cybersecurity monitoring software on their computers, such as Jingwang Xianfeng (“Clean Web Vanguard”).
The records in the databases that were exposed contained labels that referred to social media platforms WeChat and QQ, as well as records of WeChat payments and QQ account numbers. That could mean that the logs might have come from services provided by China’s Tencent, but Tencent did not respond to a request for comment.
One positive: The chat logs that were exposed consisted mostly of regular conversations about money, love and relationships — nothing that would be considered by the Chinese government to be illegal.