Unknown persons made users' e-mail addresses and unencrypted passwords publicly available. Security researcher Bob Diachenko discovered the unsecured Elasticsearch database on December 4 this year, but it had been indexed by the BinaryEdge search engine at the beginning of the month and had been publicly accessible ever since. Diachenko notified the relevant ISP of the incident, and the database was secured on December 9.
The database contained 2.7 billion email addresses and over 1 billion unencrypted passwords for them. Analysis of the database showed that most of the data comes from a leak put up for sale by a cybercriminal under the pseudonym DoubleFlag in early 2021. That leak, titled The Big Asia Leak, included user data from a number of Chinese internet companies, including NetEase, Tencent, Sohu, and Sina.
The new 1.5 TB leak mainly contains email addresses of Chinese users (qq.com, 139.com, 126.com, gfan.com, and game.sohu.com). Most of the usernames are sets of numbers or phone numbers. Comparitech explained that such usernames are typical of Chinese users who have difficulty with the characters of the Latin alphabet.
It is unknown who owned the exposed database. In theory, the data could have been collected in the first phase of a credential stuffing attack or spam campaign.