Massive Leak Exposes 4 Billion User Records, Marking the Largest Known Breach of Chinese Personal Data
Cybersecurity experts uncover a staggering 4 billion user records exposed online, potentially linked to the surveillance of Chinese citizens.
A recent investigation led by cybersecurity researcher Bob Dyachenko, in collaboration with Cybernews, has unveiled a significant data breach that has compromised billions of sensitive documents, including financial records and data from popular Chinese applications such as WeChat and Alipay. This incident is expected to impact hundreds of millions of individuals in China, raising serious privacy and surveillance concerns.
The researchers identified an unsecured database spanning 631 gigabytes, containing around 4 billion records primarily associated with Chinese users. This immense data leak is reportedly unprecedented, with implications that could extend to targeted phishing attacks, fraud, blackmail, and even state-sponsored disinformation campaigns.
According to findings detailed by Cybernews, an astonishing 631-gigabyte database was left without password protection, exposing a total of 4 billion records. The nature of the data collected suggests a highly organized system aimed at surveillance and profiling of individuals. The lack of effective privacy safeguards leaves users vulnerable to threat actors looking to exploit the data.
The leaked data was categorized into 16 separate collections, the largest of which, referred to as “wechatid_db,” contained over 805 million records. Other significant collections included “address_db,” with approximately 780 million records of residential information, and a financial data set labeled “bank,” which contained over 630 million entries detailing payment card numbers and personal identifiers. Even possessing just a subset of these collections could enable attackers to piece together highly detailed user profiles, facilitating various forms of cybercrime.
Although the research team had only brief access to the massive dataset, they could not trace the breach back to its originating organization; the server was taken offline shortly thereafter, making it impossible for affected individuals to take protective action. While earlier incidents in China, such as those involving Weibo and DiDi, have garnered attention, none have equaled the scale of this breach, which solidifies its place as the most significant single-source leak of Chinese personal data.
This incident raises critical questions about which initial access techniques, in the terms of the MITRE ATT&CK framework, attackers could have employed to compromise such an extensive dataset. Potential techniques include social engineering or the exploitation of software vulnerabilities. The breach serves as a crucial reminder for businesses and individuals alike of the ongoing risks in cybersecurity, particularly in relation to personal data protection.
As the cybersecurity landscape evolves, the implications of such extensive data leaks underline the necessity for heightened vigilance and proactive strategies to safeguard against potential threats. The enormity of this data breach sets a new benchmark in the realm of information security and underscores the importance of robust cybersecurity measures.
For further updates on this evolving situation, follow Pierluigi Paganini on Twitter at @securityaffairs or visit SecurityAffairs.