Massive Chinese data breach allegedly spills 8.7 billion records - here's what we know

Someone kept a gigantic database unlocked on the internet

· TechRadar

By Sead Fadilpašić, published 4 February 2026



  • Exposed Elasticsearch cluster leaked 8.7 billion records of Chinese individuals and businesses
  • Data included PII, plaintext passwords, and corporate registration details
  • Cluster likely run by data brokers; hosted on bulletproof provider, now locked down after discovery

One of the largest data leaks ever to happen in China has been detected after security researchers from Cybernews reported coming across an exposed Elasticsearch cluster that contained more than 160 indices.

These indices held approximately 8.7 billion records, primarily of Chinese individuals.

The records contained all sorts of personally identifiable and sensitive data, including names, addresses, phone numbers, birth dates, gender information, social media identifiers, and plaintext passwords. They also contained various corporate and business records such as company registration details, legal representatives, business contact information, and registration addresses and licensing metadata.

Long-running aggregation effort

The researchers could not determine who owns the database, so there is no confirmation of whether this was a malicious act. Cybernews says the cluster resembles what data brokers usually do, since it was highly organized and thoroughly segmented.

Since it was open for three weeks, it is possible that it was picked up by threat actors in the meantime.

“Despite the short exposure window, the scale of the dataset means that automated scraping during this period could have resulted in widespread secondary dissemination,” the researchers said.

The data belongs mostly to people in mainland China, with victims scattered across multiple Chinese provinces.
