The biggest data leak in China’s history was possible because of an unprotected online dashboard. According to LeakIX, a service that tracks exposed databases online, a public-facing Kibana-powered site that had been left open for a year and a half is to blame.
As we reported last week, the hacker who calls themselves ChinaDan put up for sale a database containing records of 1.4 billion Chinese citizens. The database was supposedly stolen from Shanghai Police computer systems earlier this year.
The hacker claimed that the database contained personal information of Chinese national residents, including names, addresses, birthplaces, national ID numbers, and phone numbers. It also contained details of criminal cases for the period from 1995 to 2019.
According to LeakIX, the service leaking the information was the unprotected Kibana instance running on port 5601, which is the default port for Kibana, a free and open user interface for Elasticsearch data visualization. In other words, anyone who knew where to look could gain access to this sensitive database.
“The certificate information we gathered indicates the service was running behind es-cn-ex719u34jb5099704.kibana.elasticsearch.aliyuncs.com. This is the default Kibana endpoint exposed by Alibaba when an Elasticsearch service is deployed on a public network. Alibaba’s documentation currently states that exposure of the endpoint to a public network will happen by default,” reads the LeakIX report.
During the analysis of the compromised Kibana instance, the researchers found that by June 26, at least four different groups had accessed the cluster.
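For teams running their own Kibana, the exposure described above (port 5601 reachable from a public network) can be caught by auditing ingress rules. The following is an added example, not code from LeakIX or the original article; the rule format, rule names and sample addresses are constructed for illustration.

```python
import ipaddress

KIBANA_PORT = 5601  # Kibana's default port, as named in the article

# Ranges treated as internal: RFC 1918, loopback, IPv6 unique-local.
INTERNAL = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",
    "127.0.0.0/8", "fc00::/7", "::1/128")]

def is_internal_only(cidr):
    """True when every address in cidr falls inside one internal range."""
    net = ipaddress.ip_network(cidr, strict=False)
    return any(net.version == i.version and net.subnet_of(i) for i in INTERNAL)

def covers(port_spec, port):
    """Port specs are a single port ("443") or an inclusive range ("5000-6000")."""
    lo, _, hi = str(port_spec).partition("-")
    return int(lo) <= port <= int(hi or lo)

def find_exposures(rules, port=KIBANA_PORT):
    """Names of allow rules that open `port` to non-internal sources.

    Assumption: deny rules are ignored, so an allow rule shadowed by a
    higher-priority deny is still reported for manual review.
    """
    return [r["name"] for r in rules
            if r["action"] == "allow"
            and covers(r["ports"], port)
            and not is_internal_only(r["source"])]

# Constructed sample rule set in a hypothetical export format.
SAMPLE_RULES = [
    {"name": "kibana-open", "action": "allow", "source": "0.0.0.0/0", "ports": "5601"},
    {"name": "kibana-vpn", "action": "allow", "source": "10.8.0.0/16", "ports": "5601"},
    {"name": "wide-range", "action": "allow", "source": "203.0.113.0/24", "ports": "5000-6000"},
    {"name": "https", "action": "allow", "source": "0.0.0.0/0", "ports": "443"},
    {"name": "blocked", "action": "deny", "source": "0.0.0.0/0", "ports": "5601"},
    {"name": "kibana-v6", "action": "allow", "source": "::/0", "ports": "5601"},
]

if __name__ == "__main__":
    for name in find_exposures(SAMPLE_RULES):
        print("port 5601 open to a public source:", name)
```

A rule such as `wide-range` shows why port ranges need checking as well as exact matches: it never names 5601 but still opens it.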