Data leak at Xiaoxintong: 200 million data affected

[German]Security researchers from CyberNews have discovered a data leak at Chinese provider Xiaoxintong. There, information about 200 million elderly people in China was open to everyone. More than 200 million people are affected with their personal and business data.


Advertising

As the security researchers of CyberNews write here, they have discovered two unsecured databases with millions of records. The databases belong to companies based in China and offer various types of services.

  • One database belongs to Xiaoxintong, which offers several applications and services for elderly care.
  • The other database seems to be linked to Shanghai Yanhua Smartech Tools, which provides services related to intelligent buildings.

The Xiaoxintong database

According to ITJuzi.com, Xiaxintong is an "intelligent service platform for elderly care", which consists of both an "intelligent mobile device and a cloud service platform". This service offers "mobile rescue, love and health services for elderly people free of charge".

The database for Xiaoxintong, which serves more than 200 million elderly people in China, contains sensitive information such as GPS locations, mobile phone numbers, addresses, hashed passwords and more. The data covers about 83% of the elderly people in China (241 million elderly people).

Shanghai Yanhua Smartec Database

The second database, possibly from Shanghai Yanhua Smartech, contains even more sensitive data such as easily decoded audio files, names, employee ID numbers, heart rates, oxygen levels, GPS locations and much more.


Advertising

The databases were exposed for an unknown period of time. The total amount of records for both databases – potentially 5 million in total or more – contained highly sensitive information about both elderly people and their families, as well as employees in seemingly intelligent buildings and related vehicles. Fortunately, both databases have now been secured. Details can be read here.


Advertising

This entry was posted in Security and tagged . Bookmark the permalink.

Leave a Reply

Your email address will not be published. Required fields are marked *

Note: Please note the rules for commenting on the blog (first comments and linked posts end up in moderation, I release them every few hours, I rigorously delete SEO posts/SPAM).