[German]Security researchers from CyberNews have discovered a data leak at Chinese provider Xiaoxintong. There, information about 200 million elderly people in China was open to everyone. More than 200 million people are affected with their personal and business data.
Advertising
As the security researchers of CyberNews write here, they have discovered two unsecured databases with millions of records. The databases belong to companies based in China and offer various types of services.
- One database belongs to Xiaoxintong, which offers several applications and services for elderly care.
The other database seems to be linked to Shanghai Yanhua Smartech Tools, which provides services related to intelligent buildings.
The Xiaoxintong database
According to ITJuzi.com, Xiaxintong is an "intelligent service platform for elderly care", which consists of both an "intelligent mobile device and a cloud service platform". This service offers "mobile rescue, love and health services for elderly people free of charge".
The database for Xiaoxintong, which serves more than 200 million elderly people in China, contains sensitive information such as GPS locations, mobile phone numbers, addresses, hashed passwords and more. The data covers about 83% of the elderly people in China (241 million elderly people).
Shanghai Yanhua Smartec Database
The second database, possibly from Shanghai Yanhua Smartech, contains even more sensitive data such as easily decoded audio files, names, employee ID numbers, heart rates, oxygen levels, GPS locations and much more.
Advertising
The databases were exposed for an unknown period of time. The total amount of records for both databases – potentially 5 million in total or more – contained highly sensitive information about both elderly people and their families, as well as employees in seemingly intelligent buildings and related vehicles. Fortunately, both databases have now been secured. Details can be read here.
Advertising