What is likely one of the largest personal data thefts in history — and the largest known cybersecurity breach in China — was caused by a common security flaw that left data open to circulating online, say the cybersecurity experts who discovered the vulnerability earlier this year.
Shanghai police records — containing the names, government identification numbers, phone numbers and incident reports of nearly a billion Chinese citizens — have been securely stored, according to cybersecurity experts. But a dashboard was set up to manage and access data on a public web address and left open without a password, allowing anyone with relatively basic technical knowledge to browse and copy or steal a set of information, they said.