Data leak exposes 364 million Chinese social media profiles tracked by police surveillance programme, security researcher says
- Records include sensitive information like private chats, file transfers, real names, and ID numbers
A database of hundreds of millions of chat logs of Chinese social media users has been leaked online, revealing that private records like user photos and identity card numbers were gathered by a government-linked surveillance program, a researcher has found.
Victor Gevers, a cybersecurity researcher with the non-profit GDI Foundation, shared his findings on Twitter on Monday. The surveillance network, he said, tracks about 364 million online profiles on a daily basis and retrieves sensitive information including their private chats, file transfers, real names, and ID numbers. The data is then distributed to police stations across the country.
“In China, they have a surveillance program on social networks which looks like a jerry-rigged PRISM clone of the NSA,” Gevers said in a tweet, referring to the US surveillance system revealed by former NSA contractor Edward Snowden in 2013.
The Chinese database in question was first exposed on the internet on March 2, but it was secured after Gevers publicly highlighted the problem, he said.
“These surveillance systems are dangerous when they are open and fully accessible to anyone, which increases the risk of remote data manipulation. We have seen databases get ‘ransomed’ in the past,” Gevers said in a Twitter direct message.
The GDI Foundation, whose findings are widely picked up by the media, says its mission is to address security issues with responsible disclosure.
A large number of records in the database contain the names and addresses of cybercafes, according to a screenshot shared by Gevers. He pointed to the use of monitoring software in those internet cafes as a potential tool for gathering user data.