Mystery database containing sensitive info on 762,000 car-owners discovered by researchers

(Image credit: Shutterstock)

In early August, cybersecurity researchers from Cybernews discovered an unprotected database containing sensitive information on hundreds of thousands of Chinese individuals. To this day, they haven’t figured out who the database belongs to, or why it was generated and left open in the first place.

Using Elasticsearch, a search engine for databases, the Cybernews team found a database containing details on 762,000 car owners, and their vehicles. The archive contained people’s names, ID numbers, phone numbers, email addresses, postal addresses, birth dates, vehicle identification numbers (VIN), car brand, car model, engine number, and vehicle color. In other words, there was more than enough information to engage in identity theft or even worse - grand theft auto.

“The exposure of this database is particularly alarming due to the detailed nature of the personal and vehicle information involved. The breach could have severe consequences for the affected individuals, including identity theft, financial fraud, and potential physical security risks,” Cybernews researchers said.

Mystery owners

The owners of the database remain a mystery. The archive was hosted on a US-based IP address, and after it was discovered on August 4, it was locked down after 48 hours.

The researchers speculate foul play here. They don’t believe that a legitimate company was gathering and storing the information, but rather that this was the work of a threat actor. The argument is that no company would need such a specific combination of information, while cybercriminals would. Still, no one has come forward to claim ownership over the database.

Unprotected databases remain one of the most common reasons for data leaks and spills. Nowadays, the majority of sensitive data is stored in the cloud, and in many cases, the administrators simply forget (or can’t be bothered) to protect it with a password, or multi-factor authentication (MFA).

More from TechRadar Pro

Over 750 million records exposed by ERP firm data breach — find out if you're safe
Here's a list of the best firewalls around today
These are the best endpoint security tools right now

Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.