Hundreds of Millions of Chinese Chat Logs Leak Online

Hundreds of millions of private chat logs from Chinese users have been left exposed on the internet, a researcher has found, in another worrying case of weak data protection in China. Financial Times reports: Victor Gevers, a security researcher at the cyber-security organisation GDI Foundation, said that he had found a database of 364m records [Editor's note: the link may be paywalled; alternative source.], containing social media profiles and chat logs linked to names and identity card numbers.

The database was freely accessible online to anyone who searched for its IP address, and user profiles were stored together with photographs, addresses and locations, said Mr Gevers. The main database was piping data to 17 other servers depending on which area the data came from, Mr Gevers said. [...] A large number of the records had the names and addresses of web cafes on them. Chinese cyber-security experts have long warned that web cafes collect vast amounts of customer data.

Re:

[nospam007]

"This is true of every. single. article. you link that is also paywalled."

He works in the subscription department of the Financial Times, it's an ad.

Re:May be paywalled?

[msmash]

Hi, Financial Times, The Wall Street Journal, The New York Times, The Washington Post, and The New Yorker maintain a metered paywall, allowing users to read a certain number of articles at no cost. Once you have read the "free/sample" articles, you are required to pay for the subscription. The reason why we mention a link might be paywalled is because there is a chance that some readers won't be asked to pay for it when they click on the source link. [More context: Some outlets let you read an article for free if you visit their links in incognito mode, or if you tapped their link on Twitter or other platform. Disclaimer: Like other news aggregators that rely on news from a number of sources, we don't condone breaking paywall of a news outlet. We use an excerpt or two from their stories, and in return, send them some traffic.] This is in contrast to some other news outlets like say The Information, which has a hard paywall, that requires you to absolutely pay for content if you want to read an article there. If we link to The Information, we will 100 percent mention that the link is paywalled. And if you look at some of the stories we have covered that The Information broke, you will see that we have instead linked to other news outlets that rewrote The Information's stories. We try not to link to any paywalled outlet unless there is no alternative source available, in which case we have limited choice. Sometimes an alternative source is available but the story might be riddled with factual errors or too many grammatical mistakes, in which case, we again resort to the paywalled outlet. In any case, we try to link to an alternative source as well, which would not charge readers whenever that is possible.

Re:

[tepples]

Once you have read the "free/sample" articles, you are required to pay for the subscription.

I think AC's point is that WSJ has zero "'free/sample' articles".

Re:May be paywalled?

[Oswald McWeany]

C'mon. It IS paywalled. Just because you pay to get through the paywall doesn't mean it isn't paywalled. It just means that you have paid to get through the wall.

This is true of every. single. article. you link that is also paywalled.

This is Slashdot.

You're not supposed to actually read the article.

Re:

[Rosco P. Coltrane]

That's the difference between the crypto-dictatorial regimes in communist China and in capitalist America: in the former, sites are police-firewalled. In the latter, they're paywalled. In both cases, there's a fucking wall.

Not us!

[guygo]

And Huawei wants the world to believe they'd NEVER collect data for the government. Yeah, sure.

Re:

[Freischutz]

And Huawei wants the world to believe they'd NEVER collect data for the government. Yeah, sure.

Where did Huawei ever come into this discussion? Huawei was never mentioned here or in TFA until you brought it up. This looks like some kind of social media rig-up that streams data to local police for manual inspection. Whatever Huawei is doing, it had no part in this that I can see. Basically this operation is a similar but somewhat less advanced version of what the USA's very own NAS is doing in the US, and everywhere else they can get away with it, i.e. the wholesale warehousing of online data in order

Re: Not us!

[guygo]

Every Chinese corporation (Huawei being a big one) with an internationally-facing department - most especially those that handle information transfer - are part of the government's data-collection system. It's the law there. To think they're not collecting and reporting is the height of naivete.

Re:

[gtall]

Freishutz: Hello, Chinese Government/Communist Party?

CG/CP: Yes.

Freishutz: We here on Slashdot would like hard proof that Huawei either is or is not providing you with information. Please post it here.

CG/CP: Sure thing, Boss, we gonna get right on that...errrmm...just as soon as we have another Party Congress and can establish its place in a new 5 year plan. The new 5 year plan should be available in around 15 years. Can you wait?

Freishutz: Yup, sure, we trust you.

Re:

[Freischutz]

Freishutz: Hello, Chinese Government/Communist Party?

CG/CP: Yes.

Freishutz: We here on Slashdot would like hard proof that Huawei either is or is not providing you with information. Please post it here.

CG/CP: Sure thing, Boss, we gonna get right on that...errrmm...just as soon as we have another Party Congress and can establish its place in a new 5 year plan. The new 5 year plan should be available in around 15 years. Can you wait?

Freishutz: Yup, sure, we trust you.

Oh, my, you accused me of being a communist ... *thud* ... *thud* ... *thud* ... your words, given weight by your awesome wit and oratory skill, pierce my should like arrows.

Re:

[guygo]

It may not be unreasonable to you, but I really don't care about what you find reasonable or not. Really, I don't give a whit. I am not at trial, I am expressing an opinion and therefore am under no obligation to prove or disprove anything, all of which is still legal in the US at this time. I provide no link to any "right-wing blog" yet you make a point of accusing me of such; sounds like you're the one with a prejudice/censorship problem. So perhaps you can absorb that the opinions expressed by the po

Re:

[Freischutz]

It may not be unreasonable to you, but I really don't care about what you find reasonable or not. Really, I don't give a whit. I am not at trial, I am expressing an opinion and therefore am under no obligation to prove or disprove anything, all of which is still legal in the US at this time. I provide no link to any "right-wing blog" yet you make a point of accusing me of such; sounds like you're the one with a prejudice/censorship problem. So perhaps you can absorb that the opinions expressed by the posters are theirs and do not indicate anything other than their opinions; perhaps not. One thing I know for sure, I don't have to "prove" anything to you.

So, where is your proof? Having trouble finding any? Because your entire post contained only this: https://youtu.be/hsPtqjwcMx [youtu.be]

I really don't care what accusations you pull out of your rectum and hurl around like an angry chimp until you can prove them ... so pony yup or shut up.

Re:

[Freischutz]

You are ... not really playing with a full deck of cards, are you?

https://www.wsj.com/articles/two-china-tech-titans-wrestle-over-user-data-1501757738

It's not even a question anymore that Huawei is trying to do whatever it can to become the top cellphone maker in the world (the above is just an example of its practices in China).

If you think western companies are bad at tricking people into giving up their data, it is nothing compared to what Huawei does.

Firstly that site is paywalled and linking to it is downright rude. Secondly what little the paywall didn't hide is:

To build its AI capability—so that its phones can, say, make restaurant suggestions based on a user’s text messages—Huawei Technologies Co. is collecting user-activity information on its advanced Honor Magic smartphone. Among the information captured: text messages sent using the popular WeChat social-media app.

That is a pretty accurate description of what Google, Face

Re:

[guygo]

HAHAHAHA. You REALLY don't understand how this stuff works, do you? I will say again, I don't have to prove anything to you. And I'll be damned if I'll click a malware link presented to me by a troglodyte. Go suck your thumb and pound sand, little man. You and your "My way or the highway" attitude gets you nowhere around here.

Re:

[Spamalope]

How about find all of the Huawei employees logged and add a few things. Like chatting about the Tienanmen square massacre and that they're organizing a protest about it. In fact, with all the other breaches it'd be fun to add things like that for a random selection of party members. Free Tibet, party takeover plans etc.

Re:

[guygo]

be sure to liberally spread "Winnie the Pooh" throughout the logs...

Re:

[account_deleted]

Comment removed based on user account deletion

Doesn't matter

[nospam007]

6 billion people can't read it, it's in Chinese.

Re:

[Oswald McWeany]

6 billion people can't read it, it's in Chinese.

I'm sure most of it is mundane chatter anyway with out anything interesting to most people. Just millions of people saying "I'm hungry, but I just ate lunch."

no data - no cry!

[kiviQr]

You are worrying about "weak data protection" but not about fact that data is collected!? Stop collecting then you will not have to worry!

Re:

[epine]

Stop collecting then you will not have to worry!

There goes the entire birth control industry in a giant, ugly puff of logic.

Official Obligatory Anti-PC Troll Response:

[Tablizer]

A million lines of, "Oh Wei, I love you long time!"

no problem

[bill.pev]

... not a single one of those people should be concerned, unless of course he or she has broken the law!

Why do they monitor gamers?

[Mojo66]

From Gevers Twitter:

It is most likely that this system is only for tracking gamers as most of the sample dialogs appears to be about this subject.

Can someone, maybe from China, come up with a good explanation why they seem to have such a particular interest in gamers?

Re:

[guygo]

Perhaps there is a correlation with how much time they spend online vs other demographics.