The cybersecurity researcher who discovered the “BreedReady” database said today that the said database was part of a school program on how to use Big Data to find solutions for social problems and confirmed that the original data set was part of a city registry rather than a fake and made-up dating app.
Victor Gevers, the cybersecurity researcher from GDI.Foundation, a non-profit organization that is known for uncovering cybersecurity vulnerabilities and reporting them to owners, said that a student came to him to explain that the leaked databases were “part of a science learning program for students on how to use Big Data to find a solution for a social problem.”
He also confirmed the earlier suspicion that the uncovered datasets were part of a government registry. He said that the “BreedReady” data was automatically populated based on age groups.
In Twitter, where he usually posts his discoveries, Gevers said that the “original dataset came from an official source / a town register; so all the identifiable information was real production data.”
This latest update confirms that the databases are from the Chinese government and not from a university. A Tweeter user indicated in Gever’s initial disclosure of the leak last week, that there is a town registry in every city in China that includes these kinds of information system and that he (Gevers) should contact the police station. Another one suggested that based on the Chinese characters, the BreedReady data is a government database. He said that the Chinese character translates to “registered in/from town” and it makes sense because the data “appears to contain a serial for the identity card.”
While another one suggested that the database may be used as a registration system used in China for people to give birth to a second child, it is still unclear if the registry that Gevers mentioned in his Tweet used for this purpose.
In his recent discovery, Gevers said that the database includes personal information of around 1.8 million Chinese women including their name, address, phone numbers and an interesting entry for “BreedReady” status. He posted a series of screenshots of the said database over the weekend.
“In China, they have a shortage of women. So an organization started to build a database to start registering over 1.8 million women,” Gevers wrote on his official Twitter account.
The database’s server can be traced to be located in China and includes field labeled in English for sex, age, education, marital status, as well as, a column titled “BreedReady,” which could be an inaccurate translation to describe if a woman is of child-bearing age. According to Gevers, anyone who has the IP address of the said database can access its content until it was taken down late on Monday afternoon, local time.
The database appears to be in binary and ones, and zeros are used to determine a “yes” and a “no” with “1” equals to “yes.” The database revealed that the age of women ranges from 15-years-old to 95-years-old. Grevers also said that the average age is 32-years-old.
“The youngest girl in this database is 15 [years] old. The youngest woman with BreadReady: “1” status is 18 [years old]. The average age is a bit above 32 [years old], and the most aged women with a BR: “1” is 39 and with BR:0 is 95,” Gever said.
According to the database, 89 percent of the women are single, 10 percent are divorced, and 1 percent are widowed. Interestingly, most of the women live in the city of Beijing (89%) and only around a tenth lived in a different town. It is still unclear if the database is a registry of women in Beijing only or for the whole of China.
In his tweet made 21 hours prior to writing, Gevers said that according to the student who clarified the purpose of the database, the internet service provider (ISP) linked to the university made a mistake by suddenly allowing traffic from outside (via the internet) by making changes in the firewall, thus exposing the data to the world.
He also clarified that the “database was NOT a (fake) dating app or website. Nor is there any proof this was a “Handmaid’s Tale” kind of project conducted by the Chinese government.”
Gevers expressed concerns as China’s data protection regulation was violated, and he thinks that it is likely the reason why there is no official statement made yet involving the exposed database. /apr