Author: AJ Dellinger
A team of security researchers at Safety Detective recently discovered a massive database of sensitive personal information, including real-time location data, that was easily accessible online on an unsecured server. The database, which has since been secured, contained just under 900GB of personal information connected to millions of Chinese citizens
According to Safety Detective, the server contained information from more than 100 mobile apps, most of which were related to loans and financial services. Within the database was a massive trove of personal information including loan records, risk management data, and personally identifiable information like a person's name, address and phone number.
Even more troubling, the database contained over 4.6 million unique entries on mobile devices connected to the app users. Those entries showed just about every piece of information that a person could want relating to a device. Records included real-time location data, lists of contacts, text message logs, device model information, information about apps installed on the device, records of when certain apps are opened and how long they are used, billing information include credit card numbers and passwords stored with MD5 encryption, which can easily be cracked with the right tools. Safety Detective determined that it is likely the information in the database is collected and used by marketing agencies for mobile apps and other services.
Read More: Here