Millions of people in China who use loan apps to borrow money have ended up paying with their privacy. A security researcher discovered a public database left exposed online containing sensitive data on more than 4.6 million devices, including location history, debt logs, financial information and contacts.
The database had over 899 gigabytes of data coming from more than 100 loan-related apps in China, according to Anurag Sen, an independent security researcher who discovered the leak. The public database was growing, as these apps gathered data on people’s activities and stored it the unsecured server in real time.
Sen said his team notified Alibaba on July 11, which hosted the server, but was unable to contact the database’s owner. Looking at the type of data stored, it most likely belongs to a marketing agency for mobile apps, Sen said.