Threat Actor: Unknown | unknown
Victim: China Natural Gas Group | China Natural Gas Group
Price: Available for sale on dark web
Exfiltrated Data Type: Personal information, ID cards
Key Points :
- Data breach occurred in August 2024, affecting over 7.5 million users.
- Included 5.8 million ID cards and detailed personal information such as birth dates, addresses, and phone numbers.
- Key data fields compromised: “hir_carrier, cal_birthyear, id_province, userId, mobile, and idNo.”
Threat Actor: Unknown | unknown
Victim: Ding Talk Group | Ding Talk Group
Price: Available for sale on dark web
Exfiltrated Data Type: User records, sensitive information
Key Points :
- Breach occurred in August 2024, exposing 720,000 records.
- 300,000 entries revealed users’ full names, mobile numbers, and locations.
- Significant privacy concerns for users of the widely used communication platform in China.
Threat Actor: Unknown | unknown
Victim: China Post Bank | China Post Bank
Price: Available for sale on dark web
Exfiltrated Data Type: Loan application data, personal identification
Key Points :
- Breach in July 2024 involved the JISUDAI loan platform with 4.8 million records leaked.
- Data included loan categories, amounts, and personal identification information.
- Affects individuals across China using the online loan services.
Threat Actor: Unknown | unknown
Victim: China Provident Fund | China Provident Fund
Price: Available for sale on dark web
Exfiltrated Data Type: User database, ID card information
Key Points :
- Massive breach in July 2024 exposing 7.5 million entries.
- Included 87 million records with ID card information and personal details.
- High risk of identity theft and fraud for millions of citizens.
Threat Actor: Unknown | unknown
Victim: 51Talk | 51Talk
Price: Available for sale on dark web
Exfiltrated Data Type: Personal details, user records
Key Points :
- Breach occurred in August 2024, exposing 950,000 records.
- Leaked data included mobile numbers, full names, and location data.
- Affects a large portion of the user base of this online English education platform.
Threat Actor: Unknown | unknown
Victim: Various Chinese Companies and Institutions | Various Chinese Companies and Institutions
Price: Available for sale on dark web
Exfiltrated Data Type: Large datasets
Key Points :
- Threat actor is actively selling datasets on dark web forums.
- Data breaches span various sectors, including finance and education.
- Millions of user records are now circulating, raising privacy and security concerns.
In a series of revelations, several Chinese companies and institutions have fallen victim to significant data breaches, with millions of user records now circulating on dark web forums. These leaks span from financial institutions to online education platforms.
China Natural Gas Group Data Breach
One of the largest breaches involves the China Natural Gas Group, where data from over 7.5 million users was leaked in August 2024. The breach includes 5.8 million users’ ID cards, alongside detailed records containing personal information such as birth dates, addresses, phone numbers, and even product details. Key data fields in this breach include: “hir_carrier, cal_birthyear, id_province, userId, mobile, and idNo.”
Ding Talk Group Leak
The chat software Ding Talk, operated by Alibaba Group, also suffered a major breach in August 2024. A total of 720,000 records were exposed, with 300,000 entries revealing users’ full names. The compromised data consists of sensitive information such as mobile numbers, locations, and mobile carriers. Ding Talk is a widely used communication platform in China, and this breach raises significant privacy concerns for its users.
China Post Bank Loan Platform Breach
The JISUDAI loan platform, operated by China Post Bank, was another victim of a large-scale breach in July 2024. A database containing 4.8 million records was leaked, with extensive details about loan applicants, including their loan categories, amounts, and personal identification information. This breach affects individuals across China who have used the online platform for loan services, exposing both financial and personal data.
Provident Fund Data Leak
In a massive breach, the China Provident Fund’s user database was leaked in July 2024, exposing 7.5 million entries. Among the compromised data, a staggering 87 million records were found containing ID card information. The dataset includes personal details such as names, phone numbers, and employment information, putting millions of Chinese citizens at risk of identity theft and fraud.
51Talk Platform Breach
In August 2024, 51Talk, a leading online English education platform in China, experienced a breach that exposed 950,000 records. Personal details such as mobile numbers, full names, and location data were leaked. As a prominent platform for learning English, this breach affects a large portion of its user base, with sensitive data now available for malicious actors to exploit.
Dark Web Offers
The threat actor behind these leaks is actively offering these datasets for sale on dark web forums, encouraging potential buyers to contact them directly.
The post Threat Actor Allegedly Leaked Massive Datasets From Chinese Firms and Institutions appeared first on Daily Dark Web.