According to security researcher Victor Gevers, over 364 million private messages from Chinese users on popular messaging apps were sitting exposed on the internet on Saturday, who works for the nonprofit organization GDI. The database of 364 million records left users’ personal identities searchable to anyone who found the IP address, as reported by the Financial Times. Each record, drawn from apps like WeChat and QQ, also contained personally identifying Chinese citizen ID numbers, photos, addresses, GPS location data, and info on the type of device used. Worse, the main database also sent the data back to 17 other remote servers, according to Gevers. To Gevers, it looks like the data ultimately gets distributed to police stations in cities or provinces — the other 17 servers — identifiable by their numerical codes. To be clear, he tells The Verge, “There is no evidence that law enforcement is doing something active with this spoonfed data. But the infrastructure and well-planned data distribution are there.” “There were chats from teenagers. Direct messages that were supposed to be private,” Gevers says, “I threw a few into Google Translate and shared those to Twitter. But we stopped there — I don’t think Chinese people will appreciate it if we start digging more into their conversations.” Many of the records contained internet cafes' addresses, indicating that the users might be gamers who frequent these cafes. Internet cafes have often been a target of censorship in China. Some local officials have asked cafes to install software that would track what its users browse. Gevers first found the leak when monitoring devices through Shodan, a search engine that lets you look up internet-connected devices. According to him, it looked like someone had messed up a firewall configuration, leaving the database exposed. Gevers reached out to a Chinese internet service provider, ChinaNet Online, on Saturday, and the database was locked down after a few hours. Twitter: https://twitter.com/0xDUDE/status/1101918696237346819 News source: https://www.theverge.com/2019/3/4/18250474/chinese-messages-millions-wechat-qq-yy-data-breach-police

Dutch hacker Victor Gevers (@0xDUDE) said he found a database of 3.7 billion intercepted WeChat messages that were flagged for further scrutiny—including 59 million in English and 19 million sent from outside China. @Sarah_G_Cook (https://freedomhouse.org/expert/sarah-cook) on ATL