Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|Europe Confirms Record €4.1B Penalty Against Google for Android Practices|U.S. CISA adds a Microsoft SharePoint Server flaw to its Known Exploited Vulnerabilities catalog|430,000 FortiGate Devices Exposed in FortiBleed Ransomware Link|Adobe fixed multiple maximum-severity flaws in ColdFusion and Campaign Classic|Alleged Scattered Spider Hacker Extradited to U.S. to Face Cybercrime Charges|Oracle E-Business Suite Flaw Under Active Attack, 950 Systems Exposed|Azure CLI Targeted in LSHIY Password Spray Campaign Across 64 Orgs|CISA Warns BlueHammer Flaw Is Now Exploited in Ransomware Attacks|RustDuck: The Botnet That’s Still Small but Engineering Like It Plans to Grow|GuardFall Flaw Hits 10 of 11 Popular Open-Source AI Agents|XSS.is, The Forum That Ran the Ransomware Supply Chain Is Down. The Market Isn’t|U.S. CISA adds SimpleHelp flaw to its Known Exploited Vulnerabilities catalog|
Advertisement

Ad Placeholder

Full Width × 90

Breaking News

56.25 million US residents records collected by CheckPeople exposed on a Chinese server

A database containing the personal details of 56.25 million US residents that allegedly belongs to CheckPeople.com website was exposed online. A database containing the personal details of 56.25 million US residents that allegedly belongs to the CheckPeople.com website was exposed online on a server having a Chinese IP address. The huge trove of data includes […]

China-linked APT Salt Typhoon

A database containing the personal details of 56.25 million US residents that allegedly belongs to CheckPeople.com website was exposed online.

A database containing the personal details of 56.25 million US residents that allegedly belongs to the CheckPeople.com website was exposed online on a server having a Chinese IP address.

The huge trove of data includes names, home addresses, phone numbers, and ages. The size of the NoSQL database is 22GB and included metadata that links the collection to CheckPeople.com.

The CheckPeople.com service allows subscribed users to search for information about people of interest (i.e. current and past addresses, phone numbers, email addresses, names of relatives, and even criminal records in some cases). The data are likely collected by the service from public sources.

The strange aspect of this discovery is that the archive is exposed on an IP address operated by an Alibaba’s web hosting company in Hangzhou, China.

“However, all of this information is not only sitting in one place for spammers, miscreants, and other netizens to download in bulk, but it’s being served from an IP address associated with Alibaba’s web hosting wing in Hangzhou, east China, for reasons unknown.” reads the post published by The Register that reported the news in exclusive. “It’s a perfect illustration that not only is this sort of personal information in circulation, but it’s also in the hands of foreign adversaries.”

The archive was discovered by a white-hat hacker that goes online with the handle Lynx that shared his findings with The Register.

“In and of itself, the data is harmless, it’s public data, but bundled like this I think it could actually be worth a lot to some people,” Lynx told El Reg this week. “That’s what scares me, when people start combining these with other datasets.”

The archive did not contain criminal record searches, even if this kind of information is provided by the CheckPeople service.

The Register has attempted to report the discovery to CheckPeople, but the company has yet to respond.

It is not clear if CheckPeople hosted its server in China or someone has obtained its data and exposed online, the unique certainly is that data belonging to 56.5 million American residents are now available for the Chinese Government and crooks.

[adrotate banner=”9″] [adrotate banner=”12″]

Pierluigi Paganini

(SecurityAffairs – data leak, CheckPeople)

[adrotate banner=”5″]

[adrotate banner=”13″]