One of the largest data leaks ever sees info on 1.5 billion people leaked online

(Image credit: Shutterstock / DRogatnev)

1.5 billion exposed records have been discovered by researchers
Records are primarily from Chinese social media and ecommerce platforms
Victims are at risk of identity theft and social engineering attacks

Researchers from CyberNews have discovered an unprotected server with ‘hundreds of millions’ of records, including brands from major brands such as Weibo and DiDi, amongst many others - with the total number of comprimised records potentially numbering 1.5 billion.

The compromised data included Personally Identifiable Information (PII) such as full names, email addresses, financial information, healthcare records, and phone numbers. The largest set of information was credited to QQ messenger, and the second largest was 504 million records credited to social media giant Weibo - although it's likely these were from previous leaks.

The largest dataset with no known previous major leaks was from JD.com (Jingdong), a Chinese ecommerce firm, with the researchers discovering a staggering 142 million JD.com records in the instance.

No clear indication of ownership

Whilst some data was seemingly exposed in previous data leaks, much of the information was ‘undoubtedly’ compromised for the first time in this incident. This dataset is most likely a mix of known exposed information, and newly leaked data that was all collated into one (now closed) Elasticsearch server.

According to researchers, the server was exposed for ‘several months’ but was closed following multiple disclosure notices.

The exposed instance shows ‘no clear indication of its true ownership’, which researchers point out suggests there may be malicious intent behind the collation of such a ‘large and diverse’ dataset.

A wide dataset gives threat actors a broad scope to carry out targeted attacks like account hacking, sophisticated social engineering attacks, and identity theft.

Although the scale of the incident is enormous, it is potentially only the second data breach of this scale in recent memory, showing the need for greater protection for businesses everywhere.

Check out our list of the best firewall software around today
US state sues T-Mobile over 2021 data breach which leaked data of millions
We've also rounded up the best antivirus on offer right now

Ellen has been writing for almost four years, with a focus on post-COVID policy whilst studying for BA Politics and International Relations at the University of Cardiff, followed by an MA in Political Communication. Before joining TechRadar Pro as a Junior Writer, she worked for Future Publishing’s MVC content team, working with merchants and retailers to upload content.