You must Register or Sign in to your Cyware account to perform this action
×Once you are logged in, you will be able to:
Customize your feeds by selecting categories you like
Comment on or Like an article
Receive the latest security stories, trends, and insights in your inbox
Build your profile and login across multiple devices
Bookmark a story and read it later
- Home
- Hacker News
- Breaches and Incidents
- Unprotected Elasticsearch server exposed PII and financial data of Chinese mobile loan app users

Unprotected Elasticsearch server exposed PII and financial data of Chinese mobile loan app users
Unprotected Elasticsearch server exposed PII and financial data of Chinese mobile loan app users- July 18, 2019
- |
- Breaches and Incidents
/https://cystory-images.s3.amazonaws.com/shutterstock_572500951.jpg)
- The open server exposed the personal information, financial data, mobile device information, and billing information of Chinese citizens who used loan apps.
- The database was left open for two weeks and has now been secured by Aliyun Computing Co.
Researchers from SafetyDetectives uncovered an unprotected Elasticsearch server that exposed over 899 GB of data.
Who is the owner of the database?
The company behind the leaky database is currently unknown. However, the database leaked data of more than 100 loan-related apps, suggesting that the owner might most likely be a marketing agency for mobile apps. The provider of the server is Aliyun Computing Co., but they only rented the server to the company and are not responsible for the leak.
The database was left open for two weeks and has now been secured by Aliyun Computing Co.
What information was exposed?
- The open server exposed the personal information of Chinese citizens who used loan apps including their names, phone numbers, and addresses.
- The database included financial data such as loan records, loan details, risk management data, and ID numbers.
- The database also contained mobile device information such as device model and version, device location, operator details, memory data, stored app data, IMSI and IMEI numbers, GPS location, SMS logs, detailed list of contacts, transaction details, detailed tracking of app behavior, launch and exit times, and passwords with MD5 encryption.
- The mobile billing invoices including names, billing addresses, call logs, bill amounts, credit card details were also included in the database.
“There are more than enough details to entirely overtake someone’s identity without any significant effort whatsoever. If this data were to be sold on the Dark Web, it could easily be packaged into a ‘deal’ where an individual’s financial, medical, and personal life are up for grabs. When targeted, even a phone’s sim card can be replicated and nearly full access to all of a person’s phone apps that control smart home devices, contain private photos and details, and more is made available,” researchers wrote in a blog.
Get such articles in your inbox
News
-
Previous News Google removes seven stalkerware apps from Play Store
- July 18, 2019
- |
- Malware and Vulnerabilities
Popular News
Related News
-
How Secure Is Your Organization’s Translation Process?
- November 28, 2019
- |
- Emerging Threats
Categories
Get such articles in your inbox
News
-
Previous News Google removes seven stalkerware apps from Play Store
- July 18, 2019
- |
- Malware and Vulnerabilities
Popular News
Related News
-
How Secure Is Your Organization’s Translation Process?
- November 28, 2019
- |
- Emerging Threats
Categories
