Someone is combining information on Chinese citizens leaked in different data breaches into a single database, and has so far made more than 1.2 billion records.
This compilation of many breaches (COMB) contains plenty of sensitive user information, including phone numbers, postal addresses, ID card numbers, and more.
Researchers from Cybernews claim they spotted an unprotected database on Elasticsearch, which was first set up in the final days of April 2024. By the end of next week, the database held 1,230,703,487 records, and continued to grow since.
Malicious intent
The majority of the information found in the database was leaked elsewhere in the past, but some of the data was never before seen, the researchers confirmed.
“Such an immense collection of personal information suggests the individuals behind it likely have ulterior motives,” the Cybernews research team warns. “The complete dataset is likely to contain duplicates, but that may be by design. It allows threat actors to view all the leaked data about a person, tying together different data points from different leaks and breaches.”
The database contains QQ account numbers, phone numbers, Weibo account IDs, ShungFeng records (names, postal addresses added to the courier service provider), Siyaosu database with ID numbers, a Chezhu database with names, phone numbers, and more, and a Pingan and Jiedai databases with similar information.
There is no information about the actors behind the database, and the researchers are making no assumptions. However, they did say that the dashboard interface viewing the data was set to Simplified Chinese, which could mean that a Chinese person(s) were behind the campaign.
“The discovered data was likely obtained illegally and is possibly intended to be used for illegal purposes. The data likely belongs to an individual threat actor or a group of individuals,” Cybernews said.
More from TechRadar Pro
- Millions of Chinese citizen IDs exposed by online store
- Here’s a list of the best firewalls today
- These are the best endpoint protection tools right now