Want to read Slashdot from your mobile device? Point it at m.slashdot.org and keep reading!

 



Forgot your password?
typodupeerror
×
China Privacy Technology

Huge Chinese Database of Faces and Vehicle License Plates Spilled Online (techcrunch.com) 15

A massive Chinese database storing millions of faces and vehicle license plates was left exposed on the internet for months before it quietly disappeared in August. From a report: While its contents might seem unremarkable for China, where facial recognition is routine and state surveillance is ubiquitous, the sheer size of the exposed database is staggering. At its peak the database held over 800 million records, representing one of the biggest known data security lapses of the year by scale, second to a massive data leak of 1 billion records from a Shanghai police database in June. In both cases, the data was likely exposed inadvertently and as a result of human error.

The exposed data belongs to a tech company called Xinai Electronics based in Hangzhou on China's east coast. The company builds systems for controlling access for people and vehicles to workplaces, schools, construction sites, and parking garages across China. Its website touts its use of facial recognition for a range of purposes beyond building access, including personnel management, like payroll, monitoring employee attendance and performance, while its cloud-based vehicle license plate recognition system allows drivers to pay for parking in unattended garages that are managed by staff remotely. It's through a vast network of cameras that Xinai has amassed millions of face prints and license plates, which its website claims the data is "securely stored" on its servers. But it wasn't. Security researcher Anurag Sen found the company's exposed database on an Alibaba-hosted server in China and asked for TechCrunch's help in reporting the security lapse to Xinai. Sen said the database contained an alarming amount of information that was rapidly growing by the day, and included hundreds of millions of records and full web addresses of image files hosted on several domains owned by Xinai.

This discussion has been archived. No new comments can be posted.

Huge Chinese Database of Faces and Vehicle License Plates Spilled Online

Comments Filter:
  • by raymorris ( 2726007 ) on Tuesday August 30, 2022 @12:34PM (#62836951) Journal

    Sure am glad none of the US states is requiring similar facial recognition scans and photo ID before you can use any web sites that aren't entirely appropriate for young children https://news.slashdot.org/stor... [slashdot.org]

    A criticism / caricature of Democrats (who have a veto-proof supermajority and have run the California legislature since 1970) is that they want to be just like Chinese communists. They would do themselves a favor if they stopped enacting EXACTLY the same kinds authoritarian laws as the ones causing so many problems in China.

    • by Anonymous Coward

      A criticism / caricature of Democrats (who have a veto-proof supermajority and have run the California legislature since 1970) is that they want to be just like Chinese communists.

      Never mind that at least 2 Republicans voted for that bill, that doesn't fit your narrative!

    • It political "protect the children"
      Moron.
    • Sure am glad none of the US states is requiring similar facial recognition scans and photo ID before you can use any web sites that aren't entirely appropriate for young children https://news.slashdot.org/stor... [slashdot.org]

      A criticism / caricature of Democrats (who have a veto-proof supermajority and have run the California legislature since 1970) is that they want to be just like Chinese communists. They would do themselves a favor if they stopped enacting EXACTLY the same kinds authoritarian laws as the ones causing so many problems in China.

      It's hard to see the logic and relevance in these statements.

      Direct quote from the previous slashdot story that is purportedly an example of Democratic overreach: "... Buffy Wicks, a Democrat in the State Assembly who co-sponsored the bill with a Republican colleague, Jordan Cunningham." Hard to see how a bi-partisan law is an example of Democratic authoritarianism.

      And ... whether one likes or dislikes the California law, it's hard to see how facial recognition has anything to do with it.

      • by raymorris ( 2726007 ) on Tuesday August 30, 2022 @06:15PM (#62837961) Journal

        > Direct quote from the previous slashdot story that is purportedly an example of Democratic overreach. ... Hard to see how a bi-partisan law is an example of Democratic authoritarianism.

        All 31 Democrats voted for it. 2 Republicans did.
        You don't understand how a unanimous vote by every single Democrat, in a legislature that's been run by the democrats since 1970, is a democrat bill? Are you trying really, really hard to remain ignorant of what they're actually doing, because you can't stand the thought of anyone who put a (D) after their name doing bad things? That makes you exactly like a Trumper. Willingly, intentionally, making yourself incapable of seeing obvious truth.

        > And ... whether one likes or dislikes the California law, it's hard to see how facial recognition has anything to do with it.

        You don't understand how a law that requires facial recognition, or photo ID relates to facial recognition? If you'd LIKE to understand more, here's an article for you:
        https://www.techdirt.com/2022/... [techdirt.com]

        If you prefer the actual text of the law itself, as I do, here's copy/paste from the bill:
        --
        ensure that the purchaser is of legal age at the time of purchase or delivery, including verifying the age of the purchaser. ...
        [Web sites must] Estimate the age of users with a reasonable level of certainty
        --

        Making more sense to you now?

    • I'm seeing more and more in both public and private sector requiring identity verification through identity companies. How long until we find one is selling or leaking the data?
      • > How long until we find one is selling or leaking the data?

        Equifax provides this service. They're selling it daily, and leaked all of it in 2017. So the answer to your question would be "five years ago".

  • about all it could be used for is spammers and telemarketers try to scam the owners with extended vehicle warranty scams,
  • is tankman in there?

Hackers are just a migratory lifeform with a tropism for computers.

Working...