Chinese Database of Company Providing Video-based crowd analysis and facial recognition Left Open

2019, Breaches, February

Who: SenseNets

How Many Records: 2,565,724 users along with a stream of GPS coordinates

Date: February 14, 2019

What Happened: SenseNets’ MongoDB databases left exposed online without authentication

How did it happen: One of the facial recognition databases that the Chinese government is using to track the Uyghur Muslim population in the Xinjiang region has been left open on the internet for months. The user data wasn’t just benign usernames but user profiles with information such as names, ID card numbers, ID card issue date, ID card expiration date, sex, nationality, home addresses, dates of birth, photos, and employer. Also a list of GPS coordinates, locations where that user had been seen. The database contained a list of “trackers” and associated GPS coordinates that appear to be the locations of public cameras from where the ​video had been captured and was being analyzed.

Outcome: Chinese company secured the database earlier today and blocked all access from non-Chinese IP addresses using a firewall rule.