A substantial data breach affecting millions of Chinese citizens’ identity numbers was recently discovered by security researcher Viktor Markopoulos. The breach was a result of an e-commerce store, Zhefengle, based in China, negligently leaving its database exposed to the internet. Markopoulos found an unprotected database containing more than 3.3 million orders spanning from 2015 to 2020.
This database contained extensive customer information, including shipping addresses, phone numbers, and government-issued resident identity card numbers, with many orders even including uploaded copies of customers’ identity cards.
The breach is particularly concerning because Chinese regulations require customers importing goods to verify their identity, which often involves providing a copy of their identity card. The duration for which the database was exposed remains uncertain, but the vulnerability was addressed promptly after TechCrunch alerted the owners of the online store.
Following TechCrunch’s notification, the database was no longer accessible, and the store owners reported that they are currently conducting an internal investigation to determine the cause of the breach. This incident highlights the importance of safeguarding sensitive personal data and the risks associated with neglecting cybersecurity measures in an increasingly interconnected digital world.
References:
