2.5 million "sex chat" records exposed; the culprit is named as "Chengdu High-tech Zone"
Posted Jun 16, 2020 • 3 min read
Technical editor: Zong En, SiFou Office
Reported by SegmentFault (public account: SegmentFault)
According to foreign media reports, two security researchers, Noam Rotem and Ran Locar, were scanning the open Internet on May 24 when they stumbled upon a set of publicly accessible Amazon Web Services "data repositories". Each repository contained a large amount of data from a different specialized dating app, including 3somes, Coupley, Gay Daddy Bear, Xpal, BBW Dating, Casualx, SugarD, Herpes Dating and GHunt.
The two researchers found a total of 845 gigabytes and nearly 2.5 million records in the "data repositories", which may come from hundreds of thousands of users.
According to the security researchers, the data includes sex photos, audio recordings, screenshots of private chats and payment receipts, and the screenshots are enough to prove that a "transaction" took place. The exposed personally identifiable information includes real names, birthdays and email addresses. Security researcher Locar was very surprised to find this data. If it were used for extortion and psychological abuse, these users would suffer both financial and psychological harm.
Fingers point at "Chengdu High-tech Zone"
When the researchers traced the exposed databases in depth, they realized that all the applications seemed to come from the same source. Their infrastructure is quite uniform, the application sites share the same layout, and many of the applications list "Chengdu High-tech Zone" as their developer on Google Play. The researchers contacted 3somes. The next day they received a short response, and all the databases were locked at the same time. After that, they tried to contact "Chengdu High-tech Zone" but received no response.
A similar incident happened last year. Researchers at the network security company UpGuard found that a large amount of Facebook user information had been publicly posted on Amazon's cloud computing servers: the Mexico City media company Cultura Colectiva had mistakenly stored the records of 540 million Facebook users in public, including identification numbers, comments and account names.
The Cultura Colectiva data set totaled 146G, and the researchers said it was difficult to know how many Facebook users were affected. UpGuard said it also encountered difficulties in getting the database closed. The company spent several months emailing Cultura Colectiva and Amazon to remind them of the problem. The leak was not resolved until Facebook contacted Amazon.
Facebook's stock price also fell sharply.
This was not hacking, just data carelessly stored in a location that was mistakenly left open to access.
Services like Amazon Web Services' Simple Storage Service are essentially hard drives with Internet access, and they let customers choose who can see which parts of the data. Sometimes this information is meant to be publicly available, such as caches of photos or other images used on a company's website. But sometimes data is made public when it should not be. Usually this is a minor error, but if it involves important data like the above, it can cause a huge disaster.
To avoid such errors, AWS and other cloud providers have added many security mechanisms that repeatedly warn users when a storage database is configured to be publicly accessible. The problem is well known throughout the security industry. But countless mistakes still lead to exposure.
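The kind of check those warnings rest on can be sketched offline. The following is an added example, not part of the original article or any AWS tool: it inspects a bucket's ACL, bucket policy and Block Public Access flags (in the shapes the S3 API returns) and reports which settings leave it publicly readable. The sample bucket data is constructed, and treating any `Condition` as non-public is a simplifying assumption.

```python
import json

# ACL group URIs meaning "anyone" and "any AWS account holder".
PUBLIC_GROUPS = {
    "http://acs.amazonaws.com/groups/global/AllUsers",
    "http://acs.amazonaws.com/groups/global/AuthenticatedUsers",
}

def public_acl_grants(acl):
    """Permissions granted to public groups in a GetBucketAcl-shaped dict."""
    return sorted(g["Permission"] for g in acl.get("Grants", [])
                  if g.get("Grantee", {}).get("URI") in PUBLIC_GROUPS)

def _is_wildcard(principal):
    if principal == "*":
        return True
    aws = principal.get("AWS") if isinstance(principal, dict) else None
    return aws == "*" or (isinstance(aws, list) and "*" in aws)

def public_policy_statements(policy_json):
    """Allow statements open to any principal and carrying no Condition.
    Assumption: any Condition is treated as narrowing access."""
    if not policy_json:
        return []
    stmts = json.loads(policy_json).get("Statement", [])
    if isinstance(stmts, dict):  # a single statement may be a bare object
        stmts = [stmts]
    return [s for s in stmts if s.get("Effect") == "Allow"
            and _is_wildcard(s.get("Principal")) and not s.get("Condition")]

def audit_bucket(acl, policy_json, bpa):
    """Findings for one bucket; bpa is its Block Public Access configuration."""
    findings = []
    grants = public_acl_grants(acl)
    if grants and not bpa.get("IgnorePublicAcls", False):
        findings.append("public ACL grant: " + ", ".join(grants))
    stmts = public_policy_statements(policy_json)
    if stmts and not bpa.get("RestrictPublicBuckets", False):
        findings.append(f"public policy statements: {len(stmts)}")
    return findings

# Constructed sample data for a hypothetical bucket named example-bucket.
SAMPLE_ACL = {"Grants": [{"Permission": "READ", "Grantee": {
    "Type": "Group", "URI": "http://acs.amazonaws.com/groups/global/AllUsers"}}]}
SAMPLE_POLICY = json.dumps({"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Principal": "*", "Action": "s3:GetObject",
     "Resource": "arn:aws:s3:::example-bucket/*"}]})
BPA_ON = {"BlockPublicAcls": True, "IgnorePublicAcls": True,
          "BlockPublicPolicy": True, "RestrictPublicBuckets": True}
```

With Block Public Access off, `audit_bucket(SAMPLE_ACL, SAMPLE_POLICY, {})` reports both the ACL grant and the policy statement; with `BPA_ON` the same bucket yields no findings, because S3 then ignores public ACLs and restricts public policies.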