Chinese SenseNets Data Leak Exposes Millions Of Individual Records
Information from Chinese surveillance and technology firm SenseNets leaked Tuesday, making arranged and compiled personal information on 2.6 million people in Xinjiang, China, publicly accessible, according to AFP.
Sharing the leak on Twitter, Victor Gevers, a security researcher for the Dutch non-profit GDI.foundation, found that the company tech company stored ID numbers, birthdays, addresses, ethnicities and employers of individuals in a database that was “fully accessible to anyone.”
There is this company in China named SenseNets. They make artificial intelligence-based security software systems for face recognition, crowd analysis, and personal verification. And their business IP and millions of records of people tracking data is fully accessible to anyone. pic.twitter.com/Zaf6w5502i
— Victor Gevers (@0xDUDE) February 13, 2019
In addition, Gevers also discovered that the exposed data contains about 6.7 million data points linked people with “tags” such as “mosque,” “hotel,” “internet cafe” and more. These tags were gathered within 24 hours and are most likely places were surveillance cameras are present. (RELATED: China Still Arresting Canadians For Their Standing With The US)
“Who in their right mind runs a database which is completely open and gives any visitors full administrative rights so then those database records can be manipulated by anyone with an internet connection?” Gevers asked. “It simply does not compute.”
The leak comes in a time where high-tech surveillance has been demanded in the Xinjiang region. One of the more heavily surveillanced groups in the area is the Uighur Muslims and other Turkic minorities, who number close to 12 million in the region.
China legalized re-education camps for Uighur Muslims to provide “vocational training” for the minority group in October. However, these camps are starting to be discovered as detention camps, that force nearly 1 million Muslims into conversion and labor, and have faced criticism from the United Nations. (RELATED Uighur Muslim Woman Recalls Torture In Chinese Government Internment Camp: ‘I Though I’d Rather Die’)
Coinciding with these recent developments, the leaked information has been deemed by Gevers as a “Muslim tracker” as the Uighur population counts for 28.3 percent of the information recorded.
So this insecure face recognition/personal verification solution is built and operated for only one goal. It’s a “Muslim tracker” funded by Chinese authorities in the province of Xinjiang to keep track of Uyghur Muslims. ???? https://t.co/CG0RCZbphP
— Victor Gevers (@0xDUDE) February 14, 2019
— Victor Gevers (@0xDUDE) February 18, 2019
“It looked like that because most of the coordinates were pinpointing to a known region where these people are living in camps,” said Gevers.
SenseNets has taken action to secure and close the database since Gevers found the information last week.