Terabytes of information on billions of Chinese citizens for sale.

A total of 15 breaches were found and analysed resulting in 20,982,366 leaked accounts containing a total of 17 different data types. The breaches found publicly and freely available included Anime Digital Network, GBATEMP, Tutu, Nival and World of War. Sign in to view the full BreachAware Breach Index which includes, where available, reference articles relating to each breach.

SPOTLIGHT

There seems to be a trend coming out of People's Republic of China regarding some very large leaks. Earlier this week, we witnessed a user on a popular hacking forum selling terabytes of information on billions of Chinese citizens. More recently, a different user on the same forum has dumped the Shanghai police database from 2016. Users are reporting that once the files are unzipped and opened, the file tries to connect to a remote address, but the data is real. Suffice to say, it hasn’t been a great week for the CCP.

An international shipping company has had one of their databases from 2021 dumped online. With over 380k employees operating in most countries around the world and over 1 billion parcels delivered last year, you can see a company of this size being a target for threat actors. A range of personal information included email addresses, full names, and hashed passwords in the breach.

One of the most popular Russian travel sites has also been breached with its data dumped online. The site allows users to book flights, trains, and holidays. It has a huge user base, being ranked second in Russia for selling train tickets last year. Unfortunately for them, a very large section of their user base, possibly their whole user-base is now in circulation on a variety of hacking forums. The file has over 40mb of data, the datasets include mobile phone numbers and full names.