Details have emerged on how more than a billion personal records were stolen in China and put up for sale on the dark web, and it all boils down to an unprotected online dashboard that left the data open to anyone who could find it.
More than 23TB of details apparently stolen from the Shanghai police was put up for sale on the underground Breach Forums by someone with the handle ChinaDan for 10 Bitcoin ($215,000 at time of writing). The data collection included names, addresses, birthplaces, national ID numbers, cellphone numbers, and details of any related police records.
According to cybersecurity experts, the data was exposed to the world from a non-password-protected web dashboard. And that public-facing Kibana-powered site had been left open since the end of 2020, according to LeakIX, a website that tracks exposed databases online.
Open-source Kibana is used all around the world to view and manage Elasticsearch clusters. “The service leaking the data was an unprotected Kibana instance running on port 5601, the default Kibana port,” LeakIX claimed. If that’s correct, it means if anyone scanned the internet for public-facing Kibana deployments, they would have eventually found this one in China.
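To make the failure mode concrete, here is an added configuration example (not from the article or from Elastic's documentation) contrasting a Kibana deployment left open the way LeakIX describes with one that requires credentials. The hostnames, the password placeholder and the file layout are assumptions; the settings themselves are standard kibana.yml and elasticsearch.yml keys.

```yaml
# --- WEAK: kibana.yml as an exposed, unauthenticated dashboard ---
# Listening on every interface on the default port, with no
# credentials configured, is exactly the "unprotected Kibana on 5601"
# pattern described above. Anyone who can reach the port gets the UI
# and, through it, whatever the Elasticsearch cluster holds.
server.host: "0.0.0.0"
server.port: 5601
elasticsearch.hosts: ["http://es.internal.example:9200"]   # assumed host
# (no elasticsearch.username / elasticsearch.password, no TLS)

# --- HARDENED: elasticsearch.yml ---
# Turn on security on the cluster itself; Kibana cannot protect data
# that the backing cluster hands out to anyone.
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true

# --- HARDENED: kibana.yml ---
# Bind only to the local interface (put an authenticating reverse
# proxy or VPN in front if remote access is genuinely required),
# talk to Elasticsearch over TLS, and authenticate as the built-in
# kibana_system service user so every dashboard login is checked
# against Elasticsearch's user database.
server.host: "127.0.0.1"
server.port: 5601
elasticsearch.hosts: ["https://es.internal.example:9200"]  # assumed host
elasticsearch.username: "kibana_system"
elasticsearch.password: "<REPLACE_WITH_KIBANA_SYSTEM_PASSWORD>"   # placeholder
elasticsearch.ssl.certificateAuthorities: ["/etc/kibana/certs/ca.crt"]  # assumed path
```

A quick self-check for an instance you operate: an unauthenticated request to the Kibana status endpoint on port 5601 should be refused (HTTP 401) rather than answered, and the same should hold for port 9200 on the cluster behind it.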