Days after the discovery of a database that contain the personal information of almost two million Chinese women including their “BreedReady” status, two more databases was discovered to have nearly the same database schema. The discovery gives more light on the previous database discovery as they are determined to have originated from the servers of a university in China.
Victor Gevers, a cybersecurity expert from GDI.Foundation and the one who discovered the existence of a Chinese database that included personal and private information of Chinese women have also found two more databases with almost the same database schema from the ‘BreedReady’ database. He said that the two other databases are hosted and maintained on servers which are linked to a university in Shangdong.
The previous discovery, known as the ‘BreedReady’ database is a document written in binary codes that contain information like name, age, phone numbers, and address of almost two million women, most of which are residents of the city of Beijing. It also includes an entry with the header ‘BreadReady’ which was answered by a yes (1) and a no (0).
The database was discovered accidentally by Gevers while he was looking for Chinese databases online for his research. Gevers is part of a non-profit called GDI.Foundation, that has already reported thousands of vulnerabilities and data leaks since it was founded.
The database revealed that the age of women in the registry ranges from 15-years-old to 95-years-old and 32-years-old on average. He said that “in China, they have a shortage of women. So an organization started to build a database to start registering over 1.8 million women.”
According to the database that was discovered by Gevers, 89 percent of the women are single while ten and one percent are divorced and widowed, respectively. However, until now, it is still unclear if the database was a registry of women in Beijing only or for the whole of China.
Gevers have asked help from other tech and cybersecurity experts on Twitter to determine the company “which does something with MQTT and [Chinese characters translating to ‘face network management’].
“The unprotected database is not reachable anymore for the last five hours. We will keep an eye on that IP address for a while to make sure it doesn’t come back online. We still do not know how the owner was or what the database was actually designed for,” wrote Gevers on Twitter.
After the discovery of the database, he noted that some of the fields in the said online document was recognizable and are familiar to him as he recognizes them from previous data leaks he has encountered. Gevers was referring to the following fields: source.IdentityCard, source.PeopleName, and source.Age. As of the moment, he has not been able to identify these sources yet.
With the discovery of the two new databases that resembles the ‘BreedReady’ document, the task of identifying and tracing the sources has taken a step forward. According to a more recent tweet from Gevers, he and his team are thinking about the coincidence that they keep “finding references to an OpenID [link supplied]/MQTT facial recognition service which looks tied to the previous database when it comes to the identification structure of the data. Both encapsulated in “_source” and using the same MongoDB version.”
He also noted that this is not the first time, if ever it was true, that students from the academe have leaked information online. He tweeted:
“Universities worldwide are known to leak information pretty often, and we suspect this a project run by students which got accidentally exposed.”
REGISTRY TO BEAR SECOND CHILD?
However, other experts have suggested that the databases are from the Chinese government and not from a university. A Tweeter user indicated that there is a town registry in every city in China that includes these kinds of information system and that he (Gevers) should contact the police station. Another one suggested that based on the Chinese characters, the BreedReady data is a government database. He said that the Chinese character translates to “registered in/from town” and it makes sense because the data “appears to contain a serial for the identity card.”
Another one suggested that the database may be used as a registration system used in China for people to give birth to a second child. He said that “they should register on this website [link provided] before they have a second baby.
According to the announcement made by Beijing’s local government, there is a law to require a citizen to register and apply