Security News

Millions, Including World Leaders, Exposed in Chinese Data Leak

A database containing the personal information of 2.4 million people around the world, including British Prime Minister Boris Johnson and his relatives, high ranking military officers (incl. aircraft carrier captains), the Royal Family, celebrities and diplomats, has been leaked by a Chinese company with ties to the country's military and intelligence networks.

The information was collated from open sources such as Facebook, Linkedin, Twitter, Instagram and TikTok, and included names, addresses, dates of birth and marital status, relatives of 'targets', political associations, and photographs. ABC News in Australia reported that some data appeared to be from confidential sources such as bank records, job applications and psychological profiles, even the dark web.

Shenzhen-based Zhenhua Data, the company behind the leak, is understood to have strong links with China's intelligence service, the Ministry of State Security, and lists the Chinese Communist Party and People's Liberation Army as two of its clients.

The database was leaked to American academic Christopher Balding, who had worked at the HSBC Business School at Peking University but returned to the US fearing his safety. He described the leak as "something akin to discovering the Holy Grail" for China researchers.

Balding passed the data on to a cyber security company, which was able to restore around 10% of the records. It was then that the extensive list of targets was revealed.

"What cannot be underestimated is the breadth and depth of the Chinese surveillance state and its extension around the world," Balding wrote in an online statement. "Even Chinese 'experts' continue to radically underestimate the investment in monitoring and surveillance tools dedicated to controlling and influencing, not just (China's) domestic citizens and institutions, but assets outside of China."

He also expressed his concern for those who leaked the information to him.

"The individual who provided the database (is) putting themselves at risk ... and is proof that many inside China are concerned about Chinese Communist Party authoritarianism and surveillance."

Zhenhua Data went to extraordinary lengths to obtain data. In one case, that of Adam Gilmour, founder of Gilmour Space Technology in Australia, the company searched every 'Gilmour' in the country in order to find their target. They also profiled all board members of the company.

Zhenhua's website was taken down soon after the leak became known and journalists started firing questions at the company. When the site was live, the term "hybrid warfare" was used by the company to describe manipulating social media in order to destabilise a country, leading to "internal conflicts, social polarisation, and radicalism in a country". The Zhenhua website also noted that hybrid warfare is less expensive than traditional warfare.

+ + +

Thanks for visiting SecAlerts and reading this story. We offer a free weekly CVE alert service, or an hourly service from $US20/mth, both of which include software updates and news relating to your software stack. Join more than 1,300 other users and sign up.

. . .

If you want to stay notified of vulnerabilities that affect you, register for a weekly security report customised to your stack.

Receive alerts for vulnerabilities, zero-days, security news and more

Try our FREE 14-day trial. See an example email

Example email for SecAlerts