What types of data were exposed in the Chinese leak?

The exposed data included WeChat user identifiers and communication logs (over 805 million and 577 million records respectively), residential addresses (780 million records), financial data including payment card numbers and personal details (630 million records), Alipay payment information (300+ million records), gambling information, vehicle registration details, employment information, pension funds and insurance data, and Taiwan-related information.

How many people were affected by the Chinese data leak?

The number of affected individuals is estimated in the hundreds of millions, primarily Chinese citizens, making this the biggest single-source leak of Chinese personal data ever identified.

What WeChat data was exposed in the leak?

The leak included WeChat user identifiers and metadata from over 805 million records in the 'wechatid_db' collection, plus WeChat communication logs or user conversations from 577 million records in the 'wechatinfo' collection.

What financial information was exposed in the Chinese data breach?

The financial data included payment card numbers, dates of birth, names, and phone numbers from 630 million records in the 'bank' collection, plus Alipay payment card and token information from 300 million records in 'zfbkt_db' and additional Alipay financial data from 20 million records.

What happened to the exposed database after discovery?

The database was quickly taken down after the discovery, preventing researchers from conducting an extended analysis or identifying its owners. This rapid response limited further investigation into the scope and source of the massive data exposure.

Incident

Researchers discover unsecured database leaking 4 billion user records

Q: Who discovered the 4 billion record data leak?

The massive data leak was discovered by cybersecurity researcher Bob Dyachenko from SecurityDiscovery.com working in collaboration with the Cybernews research team.

published: June 6, 2025

Learn More

Cybersecurity researcher Bob Dyachenko from SecurityDiscovery.com in collaboration with the Cybernews research team is reporting a massive exposed unsecured database leaking over 4 billion user records.

It represents the biggest single-source leak of Chinese personal data ever identified and likely affects hundreds of millions of users, primarily Chinese citizens.

The exposed database contained 631 gigabytes of sensitive information across sixteen different data collections, ranging from half a million to over 800 million records from various sources. The Cybernews research team believes the dataset was collected and maintained for building comprehensive behavioral, economic, and social profiles for surveillance, profiling, or data enrichment purposes.

The exposed data included:

WeChat user identifiers and metadata (over 805 million records in "wechatid_db" collection)
WeChat communication logs or user conversations (577 million records in "wechatinfo" collection)
Residential addresses with geographic identifiers (780 million records in "address_db")
Financial data including payment card numbers, dates of birth, names, and phone numbers (630 million records in "bank" collection)
Personal identifiers, phone numbers, and usernames (610 million records in what appears to be "three-factor checks")
Alipay payment card and token information (300 million records in "zfbkt_db")
Additional Alipay financial data (20 million records)
Gambling information
Vehicle registration details
Employment information
Pension funds and insurance data
Taiwan-related information (in "tw_db" collection)

The number of affected individuals is estimated in the hundreds of millions. The database was quickly taken down after the discovery, preventing researchers from conducting an extended analysis or identifying its owners.

Researchers discover unsecured database leaking 4 billion user records