China: Database with 800 million faces and number plates on the web

0
11
china database with 800 million faces and number plates on.jpg
china database with 800 million faces and number plates on.jpg

According to media reports, a Chinese database was openly accessible online for months. It contained 800 million data sets with faces, for example.

 

According to media reports, a database with 800 million records, consisting of photos of faces and license plates, was openly accessible on the Internet until August. The data came from surveillance cameras from the Chinese manufacturer Xinai Electronics.

 

The manufacturer’s systems are intended to provide access controls for people and vehicles, for example to the workplace, multi-storey car parks, schools or construction sites. As Techcrunch reports, the company not only wants to use it to implement access controls, but also to enable monitoring of the presence of employees, for example for payroll purposes. The cloud systems for scanning license plates, on the other hand, should enable car park operators, for example, to collect parking fees without on-site staff.

Xinai operates an extensive network of cameras throughout China. With this, the company collected millions of photos of faces and license plates. On the company’s website, Xinai claims that the data is securely stored on its own servers. That turned out to be an empty promise.

IT security researcher Anurag Sen found the unprotected database on a server hosted by Alibaba in China. According to Sen, the database contained a great wealth of information and was growing rapidly day by day. Eventually, it contained hundreds of millions of records and full web addresses of image files hosted on multiple domains owned by Xinai. Neither the database nor the hosted image files were protected by passwords and could be accessed via web browser by anyone who knew where to look.

SEE ALSO  I have tried the Nothing Phone (2a): this mobile is going to turn the mid-range upside down for less than 330 euros

The database also contained links to high-resolution photos of faces. For example, construction workers entering construction sites, office visitors checking in, and other personal information such as the person’s name, age, gender, and resident ID numbers. It also included recordings of license plate numbers captured by cameras in parking garages, driveways, and other office entrances.

As Techcrunch points out, Sen wasn’t the only one who discovered the database. In an undated ransom note, a blackmailer claimed he had stolen the contents of the database and would recover the data in exchange for a few hundred dollars in cryptocurrency. It is not known whether the blackmailer stole or deleted data. However, the blockchain address provided in the ransom note did not receive any funds.

The database disappeared in mid-August and was no longer accessible. A data protection law has been in force in China since November 1, 2021, which provides, for example, for companies to obtain their consent before data is collected and processed. But government agencies are left out. Apparently, it doesn’t curb the data-gathering frenzy either.

About two months ago, it became known that the Shanghai police had around one billion data sets stolen. It remains to be seen whether the recent data protection laws will lead to improvements for the Chinese population in the future.