Threat Actor leaks ~1.5 Billion Records from Multiple Chinese Databases in Recent Spree
Posted on January 8, 2021, 11:07 am
Categories: Data leaks, Threat Intelligence
Summary
XVigil discovered 8 posts on a database marketplace advertising multiple Chinese govt. and private databases, exposing 1.5B Chinese records.
CloudSEK’s flagship digital risk monitoring platform XVigil discovered 8 posts by a threat actor, on a surface web database marketplace, advertising multiple Chinese government and private databases. The posts expose a total of ~1.5 billion Chinese records.
Figure: Jd.com sample data shared by the threat actor
Figure: Car owners' sample data shared by the threat actor
Figure: Ping An's sample data shared by the threat actor
Threat Actor
The threat actor joined the forum in April 2020 and is a popular seller there. The actor changed their handle in December 2020, shortly before going on the spree. The actor has a high reputation score on the forum, which means they are considered a credible seller.
Recommendations
The leaked details contain PII and other sensitive information that can be used to orchestrate social engineering attacks and even identity theft. The following mitigation measures can be used to offset the impact of the leaked PII data:
Use strong passwords
Enable multi-factor authentication for all online accounts
Do not share OTPs with third parties
Review online accounts and financial statements periodically