1.37bn records from somewhere to leak on Monday
Not us, says India. Which leaves China, Facebook, Tencent, YouTube and …. ?
Updated “Data breach hunter” Chris Vickery has claimed that he will shortly reveal a “1.4 billion identity leak”.
1.4 billion identity leak story incoming Monday morning.— Chris Vickery (@VickerySec) March 3, 2017
Thanks go to @SteveD3 (and someone else) for cooperating on investigation.
He later offered a teaser of the leak, also reducing the number of identities by 30,000 30 million.
Teaser screenshot of that DB's summary data: pic.twitter.com/PEnpJbDZRt— Chris Vickery (@VickerySec) March 4, 2017
Vickery, of MacOS security software house MacKeeper, has good form finding breaches: he spotted one involving US Military Special Operations Command healthcare professionals and the Trump-for-president campaign's leaky AWS server.
Speculation as to the identity of the victim is naturally rife and as the size of the breach is huge, the list of candidates is short.
Close to the top of the list is “Aadhaar”, India's biometrics database of its citizens. But the Government of India quashed what it labelled “misinformation in some news items and articles appearing in various print and social media during the last few days” by issuing a statement saying, in part, that there has been “no incident of misuse of Aadhaar biometrics leading to identity theft and financial loss during the last five years.”
The only other nation with the potential for a database to contain 1.37bn identities is China, and it's been busy with the set piece of the National People's Congress over the weekend.
Which brings us to other candidates, namely:
- Facebook: And wouldn't plenty of folks love to see The Social Network™ take a fall? Is thought to have over 2bn subscribers for its main service, about the same for Messenger and around half that for subsidiary WhatsApp;
- YouTube: See above for schadenfreude value, but don't get excited as is not thought to have 1.37bn users;
- WeChat: Chinese chat platform is thought to have 1bn+ users, with a fair few beyond the Middle Kingdom
- Tencent: Chinese IM platform QQ and social network Qzone are both thought to have over a billion users;
- Yahoo!: As we discovered last week, Yahoo!'s security processes were dysfunctional and its billion-plus user database has already been raided twice. Bad news comes in threes …
- Apple: Cupertino has sold a billion iPhones, plus stacks of iPods and Macs. Lots of repeat customers mean it may struggle to hit the 1.37bn identities mark, but Vickery hasn't said they're unique Identities;
- Microsoft: With more than 2bn PCs in operation, Redmond has data on an awful lot of people. Can't be ruled out. See logic for Apple, too;
- A data harvesting company: The likes of Oracle, Salesforce and Wayin have colossal databases of individuals and businesses they sell to marketers and others, and claim to have hundreds of millions of records. Can't be discounted.
Whoever it is, come Monday US time it looks like plenty of us will be changing passwords and/or deleting accounts. Again. ®
Updated to add
False alarm, folks.