Tangled mess: China’s data COMB poses colossal security threat
Cybernews researchers, on May 6th 2024, discovered a colossal dataset known as a COMB focused on Chinese citizens. A COMB is defined as a “Compilation Of Many data Breaches”. According to the research team, an unknown actor is building a COMB aimed at targeting Chinese individuals.
The data repository already has over 1.2 billion records and it is leaking online (potentially a 100-gigabyte size leak). Each leak contains at least a phone number and often includes other sensitive data such as address or identification card number. This is one of the largest collections of stolen data reported to date.
Much of the data appears to be aggregated from previous public leaks. The compilation also includes some private and previously unseen datasets.
The data includes:
- 668,304,162 records containing QQ account numbers and phone numbers. QQ is a hugely popular social media app in China, similar to WhatsApp.
- 502,852,106 records containing Weibo account IDs and phone numbers. Weibo is a Chinese microblogging platform, similar to a hybrid of Twitter and Facebook.
- 50,557,417 records in the ShunFeng sub-dataset, including phone numbers, names, and addresses. ShunFeng provides logistic/courier services in China.
- 8,064,215 records in the Siyaosu sub-dataset, exposing names, phone numbers, addresses, and Identity Card numbers.
- 746,310 records in the sub-dataset called Chezhu, leaking name, phone number, email address, address, and Identity Card Number data.
- 100,790 records in the Pingan sub-dataset contain names, phone numbers, email addresses, home addresses, ordered services, card numbers, and amount paid. Ping An is an insurance company in China.
- 78,487 records in the Jiedai sub-dataset leaked names, phone numbers, addresses, ID card numbers, places of work, education levels, partner names, and phone numbers.
Given the entire population of China is roughly 1.4 billion, the COMB's record count equates to about 87 percent of the nation’s populace. The data leaks began on 29th April 2024. Applications for the data haul may include preparations for large-scale robocalling, scams, or phishing attempts focusing on Chinese citizens.
In terms of the origin of the incident, it has been established that the COMB is hosted in a data centre in Germany. The opportunity for the data theft is likely to have arisen from an inadvertently misconfigured Elasticsearch instance (a data storage and search tool).
So far security researchers have established that the dashboard interface for viewing the data has been configured to simplified Chinese, suggesting that the administrator is probably also of Chinese origin.
However, attribution for the massive data leak has yet to be definitively made, and no individual or group has openly claimed responsibility for it.
“Such an immense collection of personal information suggests the individuals behind it likely have ulterior motives,” the Cybernews researchers have warned in a statement provided to Digital Journal.
The statement continues: “The complete dataset is likely to contain duplicates, but that may be by design. It allows threat actors to view all the leaked data about a person, tying together different data points from different leaks and breaches.”