
China has reportedly experienced what may be the most significant data breach in its history: approximately 4 billion records containing financial information, data from WeChat and Alipay, and other sensitive personal details have been exposed online. The total volume of the leaked database amounts to 631 gigabytes. The revelation comes from researchers at Cybernews and cybersecurity expert Bob Diachenko of SecurityDiscovery.com.
According to expert assessments, hundreds of millions of individuals—predominantly Chinese citizens—may have been affected. The compromised data includes bank card numbers, full names, phone numbers, residential addresses, and social media information, including user identifiers and metadata from WeChat and Alipay. Disturbingly, those whose data has been exposed have no recourse—no notifications, no compensation, and no means to prevent further dissemination.
Researchers believe the database was compiled deliberately and over an extended period, possibly to construct behavioral, economic, and social profiles of nearly every citizen of the People’s Republic of China. The sheer volume and variety of the data suggest a centralized source, potentially used for surveillance, analytics, or cross-referencing with other datasets.
During the course of their investigation, experts managed to examine 16 distinct data collections before the server hosting them was taken offline. The largest, titled “wechatid_db”, contained over 805 million records, presumably consisting of WeChat user identifiers. The second-largest, “address_db”, held 780 million records of residential addresses and geographic coordinates. The third, “bank”, comprised more than 630 million entries detailing payment information, including dates of birth, phone numbers, and full names.
Another major collection, labeled in Chinese and roughly translated as “three-factor verification,” included more than 610 million records, presumably with ID numbers, phone numbers, and login credentials. A separate archive named “wechatinfo” encompassed 577 million entries, apparently containing user conversations or metadata.
Additionally, over 300 million records related to Alipay—China’s leading payment platform—were compromised. The “zfbkt_db” collection included token and card data, while another dataset featured extensive financial details. This combination enables threat actors to execute unauthorized transactions, hijack user accounts, and fabricate digital identities.
The database also contained information on employment, pension funds, insurance policies, vehicle registrations, gambling activity, and even data believed to pertain to Taiwan. Across the remaining nine collections, an additional 353 million records were cataloged.
Cybernews emphasizes that attributing ownership of the database is impossible, as neither headers nor metadata point to any specific organization. Shortly after the findings were published, researchers lost access to the server, and no official notifications have been issued to affected individuals.
While China has faced large-scale breaches in the past (most notably in 2022, when 1.5 billion records from Weibo, DiDi, and even the Shanghai Communist Party were leaked), this latest breach is the largest known incident of its kind.