A security researcher stated he found tens of millions of Chinese language citizen identification numbers spilling on-line after an e-commerce retailer left its database uncovered to the web.
Viktor Markopoulos, a security researcher working for CloudDefense.ai, stated he discovered the database belonging to Zhefengle, a China-based e-commerce retailer for importing items from abroad.
The database contained greater than 3.3 million orders spanning 2015 by 2020, Markopoulos stated, however had not been protected with a password.
The order database contained corresponding buyer delivery addresses and telephone numbers, in addition to the client’s government-issued resident identification card quantity. Lots of the orders additionally embody uploaded copies of the client’s identification card, information.killnetswitch has seen.
Clients who import items to China should have their identification verified, and it’s not unusual for shops to ask for patrons to add a duplicate of their identification card.
It’s not recognized for the way lengthy the database was uncovered. Anybody who knew the IP deal with of the database might entry the info inside utilizing solely their internet browser.
information.killnetswitch contacted the house owners of the net retailer with particulars concerning the uncovered database. A short while later, the database grew to become inaccessible. In reply, the shop house owners responded: “The vulnerability has been addressed promptly. We’re presently investigating the trigger internally.”
information.killnetswitch’s Rita Liao contributed reporting.