A publicly accessible and unsecured ElasticSearch server owned by the Jiangsu Provincial Public Security Department of the Chinese province Jiangsu leaked two databases containing over 90 million people and business records.
Jiangsu (江苏省) is an eastern-central coastal Chinese province with a population of over 80 million and an urban population of more than 55 million accounting for 68.76% of its total population according to a 2018 population census from the National Bureau of Statistics, which makes it the fifth most populous province in China.
Provincial public security departments are “functional organization under the dual leadership of Provincial Government and the Ministry of Public Security in charge of the whole province’s public security work.”
The two now secured databases contained than 26 GB of data in the form of personally identifiable information (PII) names, birth dates, genders, identity card numbers, location coordinates, as well as info on city_relations, city_open_id, and province_open_id for individuals.
In the case of businesses, the records included business IDs, business types, location coordinates, city_open_id, and memos designed to track if the owner of the business is known.
Besides the two exposed ElasticSearch databases, the Jiangsu Provincial Public Security Department also had a Public Security Network admin console that required a valid user/password combo for access, as well as a publicly-accessible Kibana installation running on the server which would help browse and analyze the stored data using a GUI-based interface.
However, unlike other cases of exposed Kibana installations, this one was not fully configured seeing that, once loaded in a web browser, it would go straight to the “Create index pattern page.”