Massive COMB data breach reveals info on over a billion people — here’s what we know about “compilation of many breaches”

Date:

China



(Image credit: Shutterstock)

Someone is combining information on Chinese citizens leaked in different data breaches into a single database, and has so far made more than 1.2 billion records. 

This compilation of many breaches (COMB) contains plenty of sensitive user information, including phone numbers, postal addresses, ID card numbers, and more.

Researchers from Cybernews claim they spotted an unprotected database on Elasticsearch, which was first set up in the final days of April 2024. By the end of next week, the database held 1,230,703,487 records, and continued to grow since.

Malicious intent

The majority of the information found in the database was leaked elsewhere in the past, but some of the data was never before seen, the researchers confirmed.

“Such an immense collection of personal information suggests the individuals behind it likely have ulterior motives,” the Cybernews research team warns. “The complete dataset is likely to contain duplicates, but that may be by design. It allows threat actors to view all the leaked data about a person, tying together different data points from different leaks and breaches.”

The database contains QQ account numbers, phone numbers, Weibo account IDs, ShungFeng records (names, postal addresses added to the courier service provider), Siyaosu database with ID numbers, a Chezhu database with names, phone numbers, and more, and a Pingan and Jiedai databases with similar information. 

There is no information about the actors behind the database, and the researchers are making no assumptions. However, they did say that the dashboard interface viewing the data was set to Simplified Chinese, which could mean that a Chinese person(s) were behind the campaign. 

Sign up to the TechRadar Pro newsletter to get all the top news, opinion, features and guidance your business needs to succeed!

“The discovered data was likely obtained illegally and is possibly intended to be used for illegal purposes. The data likely belongs to an individual threat actor or a group of individuals,” Cybernews said.

More from TechRadar Pro

  • Millions of Chinese citizen IDs exposed by online store
  • Here’s a list of the best firewalls today
  • These are the best endpoint protection tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.

LEAVE A REPLY

Please enter your comment!
Please enter your name here

Share post:

Subscribe

Popular

More like this
Related

What to Do If the Election Doesn’t Go as You Hoped, According to a Mental Health Expert

If, after a long night of watching returns, you...

Phoebe Bridgers, I Love Your Little Bonnet

All-black outfits don’t have to be boring. Exhibit A:...

Election Day 2024: The Best Memes and Tweets

It’s Election Day, meaning it’s time to vote, if...

33 Winter Fashion Items You Need for Layering Clothes

All products featured on Vogue are independently selected by...