Facial recognition database of a Chinese company containing data of 2.5 million users left exposed

• The exposed MongoDB database belonging to the Chinese video analytics company SenseNets, contained information of 2.5 million citizens.
• The database contained information of people in in the Xinjiang autonomous region, which is home to the Uyghur Muslim minority population of China.

A facial recognition database belonging to a Chinese company named SenseNets was left exposed online, as discovered by a security researcher recently.

Researcher Victor Gevers found that the database was left open online without any authentication. According to the researcher, the database contained information of 2.5 million people.

It is alleged that the Chinese Government uses SenseNets' data to monitor the Uyghur Muslim population in the country's western provinces.

Highly sensitive data of citizens

When Gevers came across this flaw and analyzed the database, he uncovered highly sensitive information such as names, ID card numbers, ID card issue date, ID card expiration date, sex, nationality, home addresses, dates of birth, photos, and employer.

“The database also contained a list of 'trackers' and associated GPS coordinates. Based on the company's website, these trackers appear to be the locations of public cameras from where video had been captured and was being analyzed,” reported ZDNet.

These ‘trackers’ were associated with specific terms such as, ‘mosque’, ‘hotel’, ‘internet cafe’ and so on, where public cameras are generally present in the Xinjiang autonomous region. Astonishingly, Gevers also found that the company was actively collecting data of Uyghur Muslim population's movement, with around 6.7 million GPS coordinates recorded in the database.

When SenseNets was informed about the incident by Gevers, the video analytics company blocked access for all non-Chinese IP addresses to their site. Furthermore, it is uncertain whether SenseNets was actually working for the Chinese government or not.