Someone kept a gigantic database unlocked on the internet
- Exposed Elasticsearch cluster leaked 8.7 billion records of Chinese individuals and businesses
- Data included PII, plaintext passwords, and corporate registration details
- Cluster likely run by data brokers; hosted on bulletproof provider, now locked down after discovery
One of the largest data leaks ever to happen in China has been detected after security researchers from Cybernews reported coming across an exposed Elasticsearch cluster that contained more than 160 indices.
These indices held approximately 8.7 billion records, primarily of Chinese individuals.
The records contained all sorts of personally identifiable and sensitive data, including names, addresses, phone numbers, birth dates, gender information, social media identifiers, and plaintext passwords. They also contained various corporate and business records such as company registration details, legal representatives, business contact information, and registration addresses and licensing metadata.
Long-running aggregation effort
The researchers could not determine who owns the database, so there is no confirmation of whether this was a malicious act. Cybernews says the cluster resembles what data brokers usually do, since it was highly organized and thoroughly segmented.
Since it was open for three weeks, it is possible that it was picked up by threat actors in the meantime.
“Despite the short exposure window, the scale of the dataset means that automated scraping during this period could have resulted in widespread secondary dissemination,” the researchers said.
The data belongs mostly to people in mainland China, but victims are scattered across multiple Chinese provinces.
The database may have been open for mere weeks, but it probably took a lot longer to harvest all of it. Apparently, this wasn’t done in a single swoop, and the data was likely scraped from different sources.
“The presence of timestamps and import dates points to a long-running aggregation effort rather than a single historical breach,” the team explained.
Investigators managed to find the provider that hosted the cluster. It is a bulletproof hosting company, “commonly associated with high-risk or non-compliant data operations.” After being notified, the provider locked the database down, it seems.
Sead Fadilpašić
Sead is a seasoned freelance journalist based in Sarajevo, Bosnia and Herzegovina. He writes about IT (cloud, IoT, 5G, VPN) and cybersecurity (ransomware, data breaches, laws and regulations). In his career, spanning more than a decade, he’s written for numerous media outlets, including Al Jazeera Balkans. He’s also held several modules on content writing for Represent Communications.