An anonymous threat actor is compiling data specifically targeting Chinese citizens.
Currently, the personal data of over 1.2 billion Chinese citizens is being stored in an online German database, called a COMB (a compilation of many breaches). Each data entry contains a name and a phone number at the very least, but many entries include home addresses and ID numbers, plus other personally identifiable information (PII).
The data also includes numbers for QQ and WhatsApp, two popular social media apps used in China, as well as Weibo account info. The dataset totals over 100GB of raw data on Chinese citizens. Given that there are only 1.4 billion Chinese citizens in total, the 1.2 billion figure is even more staggering.
A majority of the data that was found has been gathered from a multitude of previous data leaks. That said, researchers have found completely new data amidst the set. That may not mean that the threat actor is gathering new information; it could mean that the information came from a previously undiscovered data breach.
Strangely, the COMB does not contain any passwords, nor does it seem like the hacker is interested in them.
“The choice of Elasticsearch as data repository is also telling, as it is a go-to tool for both storing large amounts of data and also quickly searching for that data,” explain researchers.
“Such an immense collection of personal information suggests the individuals behind it likely have ulterior motives,” state the researchers with Cybernews, which first discovered the COMB. “The complete dataset is likely to contain duplicates, but that may be by design. It allows threat actors to view all the leaked data about a person, tying together different data points from different leaks and breaches.”
At the moment we don’t know what the data has been collected for, but theories include surveillance and citizen tracking. The likelihood that this is the goal increases if the hacker is a state-sponsored agent.