Massive Chinese Data Leak Exposes 8.7 Billion Records in Unsecured Database
A significant data leak has exposed over 8.7 billion personal and business records, primarily affecting Chinese individuals. The unsecured Elasticsearch cluster, hosted on bulletproof infrastructure, remained accessible for three weeks before being secured, giving threat actors ample time to exfiltrate the data.
The exposed dataset included full names, phone numbers, national ID numbers, home addresses, email accounts, social media identifiers, and passwords, many of them stored in plaintext or only weakly protected. This sensitive information heightens the risk of phishing, account takeover, fraud, and identity theft, particularly for individuals who reuse passwords across services. Corporate data, such as company registration details and business contacts, was also compromised, enabling potential impersonation and targeted scams.
Security researchers suspect the leak was deliberate, given the data’s highly organized structure and storage on bulletproof infrastructure commonly used by high-risk entities. The records included up-to-date information from 2025, suggesting long-term aggregation rather than a historical breach. While the exact number of affected individuals remains unclear due to duplicated records, estimates place the impact in the hundreds of millions.
The incident underscores China’s ongoing struggle with large-scale data breaches, following previous leaks from major platforms like WeChat, Alipay, QQ, and Weibo, as well as government-linked entities. In September 2025, a separate breach exposed 500 GB of internal documents from China’s Great Firewall, while a 2022 Shanghai police leak compromised 23 terabytes of data for over a billion people. The identity of the threat actor behind this latest breach remains unknown, with no entity claiming responsibility.
Weixin/WeChat cybersecurity rating report: https://www.rankiteo.com/company/teamwechat
Elastic cybersecurity rating report: https://www.rankiteo.com/company/elastic-co
{
  "id": "TEAELA1770659583",
  "linkid": "teamwechat, elastic-co",
  "type": "Breach",
  "date": "1/2025",
  "severity": "85",
  "impact": "4",
  "explanation": "Attack with significant impact with customers data leaks"
}

{
  "affected_entities": [
    {
      "customers_affected": "Hundreds of millions (estimated)",
      "location": "China",
      "size": "Hundreds of millions (estimated)",
      "type": "Individuals and Businesses"
    }
  ],
  "attack_vector": "Unsecured Database (Elasticsearch cluster)",
  "data_breach": {
    "data_encryption": "Weak or none (plaintext passwords)",
    "data_exfiltration": "Likely (threat actors had three weeks of access)",
    "number_of_records_exposed": "8.7 billion",
    "personally_identifiable_information": [
      "Full names",
      "Phone numbers",
      "National ID numbers",
      "Home addresses",
      "Email accounts",
      "Social media identifiers",
      "Passwords"
    ],
    "sensitivity_of_data": "High (national ID numbers, passwords, home addresses, etc.)",
    "type_of_data_compromised": ["Personal data", "Business data"]
  },
  "description": "A significant data leak has exposed over 8.7 billion personal and business records, primarily affecting Chinese individuals. The unsecured Elasticsearch cluster, hosted on bulletproof infrastructure, remained accessible for three weeks before being secured, giving threat actors ample time to exfiltrate the data. The exposed dataset included full names, phone numbers, national ID numbers, home addresses, email accounts, social media identifiers, and passwords (many stored in plaintext or weakly protected). This sensitive information heightens risks of phishing, account takeovers, fraud, and identity theft. Corporate data, such as company registration details and business contacts, was also compromised, enabling potential impersonation and targeted scams.",
  "impact": {
    "brand_reputation_impact": "High (China's ongoing struggle with data breaches)",
    "data_compromised": "8.7 billion records",
    "identity_theft_risk": "High",
    "systems_affected": "Unsecured Elasticsearch cluster"
  },
  "lessons_learned": "Incident underscores China's ongoing struggle with large-scale data breaches and the risks of unsecured databases. Highlights the need for stronger data protection measures, including encryption and access controls.",
  "motivation": "Likely deliberate (data aggregation for malicious use)",
  "post_incident_analysis": {
    "root_causes": "Unsecured Elasticsearch cluster hosted on bulletproof infrastructure, likely deliberate data aggregation"
  },
  "recommendations": [
    "Implement strong encryption for sensitive data",
    "Enforce access controls and monitoring for databases",
    "Regularly audit and secure Elasticsearch clusters",
    "Educate users on password hygiene and phishing risks",
    "Improve incident response plans for data breaches"
  ],
  "references": [{"source": "Cyber Incident Description"}],
  "response": {"containment_measures": "Database secured after three weeks"},
  "title": "Massive Chinese Data Leak Exposes 8.7 Billion Records in Unsecured Database",
  "type": "Data Breach",
  "vulnerability_exploited": "Unsecured Elasticsearch cluster"
}