The security and privacy of the users’ data is a major concern among poplar apps and websites. Many times, these companies have failed to provide a secure environment for the users’ data. A similar incident has been witnessed by a security researcher Victor Gevers of non-profit organization GDI. As per a report from the Financial Times, the identities and other personal data of 300 million Chinese users were searchable on the internet if anyone knows the IP on Saturday, last week.
The data of Chinese popular social messaging networks such as QQ and WeChat were exposed including Chinese citizen ID, photos, addresses, GPS location data along with the personal messages. It seems a major breach on the ChinaNet online, internet service provider servers. As per Gevers, later the data was distributed to over 17 different remote servers. It is not confirmed whether and why it is sent to over different servers and what’s the actual usage. But as per assumption, Gevers claims that the data is sent to police stations in different regions of China.
In actual he quoted that, “There is no evidence that law enforcement is doing something active with this spoonfed data. But the infrastructure and well-planned data distribution are there.” He further investigated the issue and shared some parts of Direct Messages that were supposed to be private. He even shared some snippets of the chats as proof on his Twitter handle.
Upon digging deep, the data patterns hinted that these users might be frequent gamers who used different cafes. There’s another possibility that its the Chinese government’s way of keeping a tap on users who don’t follow censorship in China. Even though, some local officers have also asked internet cafes to track the users’ browsing history time-to-time with software.
Gevers accumulated the information while he was crawling Shodan search engine. As per him, the data was exposed in attempts by someone to frisk through the servers.
Later, Gevers resolved the issue by taking the matter to the Chinese internet service provider. In response, ChinaNet Online secured the data within a few hours.
In China, the Government scans the users’ activity routinely to ensure safety and security. Even though, most of the Chinese internet companies are quite straightforward in complying with the state policies. Most of the companies have added in their privacy policies that they “comply with applicable laws and regulations.”
We hope in the future, the telecom operators and internet service providers should be more stringent while handling users’ data.
(Via)
