China’s Largest-Ever Data Leak Exposes Billions of Sensitive Records

Alina BÎZGĂ

June 13, 2025


In what may be the most extensive data breach in China's history, a stunning 4 billion sensitive records have been publicly exposed due to a misconfigured database. The leak, which includes financial data, WeChat and Alipay information, and deeply personal user details, could impact hundreds of millions of people, mostly Chinese citizens.

The breach was discovered by cybersecurity researcher Bob Dyachenko and the Cybernews research team, who found the open database during routine internet scans. The unprotected instance was quickly taken down, but not before researchers caught a glimpse of its contents.

The 631-gigabyte database had no password protection and was publicly accessible, revealing billions of entries across 16 different data collections.

“The sheer volume and diversity of data types in this leak suggests that this was likely a centralized aggregation point, potentially maintained for surveillance, profiling, or data enrichment purposes,” the researchers said.

What Was Leaked?

According to the analysis, the data was divided into 16 collections, each appearing to represent a different category of personal information, including:

  • “wechatid_db”: Over 805 million user IDs, likely WeChat.
  • “address_db”: Over 780 million records of residential data, including geographic tags.
  • “bank”: More than 630 million entries detailing financial data, card numbers, birth dates, names, and phone numbers.
  • “three-factor checks” (Mandarin title): Over 610 million entries potentially containing ID numbers, phone numbers, and usernames.
  • “wechatinfo”: Nearly 577 million entries of WeChat metadata — possibly even communication logs.
  • “zfbkt_db”: 300 million records linked to Alipay cards and tokens, a potential goldmine for attackers.
  • “tw_db”: Believed to include Taiwan-related data, suggesting cross-border surveillance.

The remaining 353 million records were spread across collections related to gambling, vehicle registration, pension funds, employment, and insurance.

Who’s Behind It?

The origin of the database remains a mystery. There were no identifying headers, labels, or metadata pointing to a specific organization, government, or actor. The speed at which the infrastructure was removed suggests it was either abandoned or deliberately hidden after being discovered.

Why Is This So Dangerous?

With so much highly specific data exposed, attackers could easily correlate identities across datasets to infer:

  • Where a person lives
  • Their financial habits, debts, and savings
  • Their communication patterns on apps like WeChat
  • Their employment history and benefits

This level of detail can enable highly personalized phishing attacks, blackmail, fraud, identity theft, and even nation-state surveillance or disinformation operations.

Can Affected Users Do Anything?

Unfortunately, there’s very little users can do. Since the owner of the database is unknown and there’s no formal mechanism to notify impacted individuals, most people won’t even know they were affected.

“Individuals who may be affected by this leak have no direct recourse due to the anonymity of the owner and lack of notification channels,” researchers concluded.

Worried About Your Data? Take Action Now

Even if your data wasn’t exposed in this breach, leaks or data breaches due to hacking occur every single day, and your information might already be out there.

Here are some actions you can take right now to safeguard your identity and digital life:

  • Use a Digital Identity Protection tool to monitor whether your email addresses, phone numbers, or personal info have been leaked or sold on the dark web.
  • Set up breach alerts to be notified the moment your data appears in a new leak.
  • Change your passwords, especially on financial and messaging apps, and enable two-factor authentication (2FA) wherever possible. Make every password unique to the account. If you need help coming up with safe, unique passwords, check out our Free Password Generator.
  • Watch out for phishing attempts — scammers often use leaked data to personalize their attacks. You can use free scam detection tools like Scamio and Bitdefender Link Checker to check suspicious links, offers, QR codes, or scammy correspondence.

Bitdefender Digital Identity Protection can help you stay informed, monitor data breaches in real time, and act quickly when your personal information is exposed.
