Incident

Cybernews reports Elasticsearch server leaking data of 1.5 billion people



A massive data leak exposing data from multiple Chinese organizations and sectors was discovered by the Cybernews research team in January 2025. The incident was caused by an unprotected Elasticsearch server containing approximately 1.5 billion records of personal information, predominantly of Chinese citizens, across various sectors including healthcare, finance, transportation, social media, e-commerce, and education.

The exposed data included:

  • Full names
  • Email addresses
  • Platform ID numbers
  • Usernames
  • Phone numbers
  • Healthcare data
  • Financial records
  • Transportation-related details
  • Education-related records
  • Government ID numbers

The server remained exposed for several months before being secured following multiple contact attempts with China's CERT. Researchers believe this dataset is likely a combination of previously known leaks and new, previously unreported data breaches. The server's ownership remains unclear, raising concerns about potentially malicious intent behind the data aggregation. Affected organizations include:

  • Weibo (504 million records)
  • JD.com (142 million records)
  • SF Express (over 25.1 million records combined)
  • DiDi (20 million records)
  • KFC China (5 million records)
  • The Communist Party of Shanghai (1.6 million records)

While the total number of records is 1.5 billion, the actual number of affected individuals may be lower due to potential duplications across different platforms.

The exposed server has been secured following intervention from China's CERT. This incident ranks among the larger known data breaches involving Chinese citizens' data.
