A database left unprotected online reveals a creepy set of details collected on more than 1.8 million women in China. Apart from the regular info one would expect, like name, age, and date of birth, the data set also includes a "BreedReady" status.
The open database also contained phone numbers, GPS coordinates, URLs to photos, addresses, ID numbers, marital status, political and education related details, and a 'HasVideo' field. Combined, all these details paint an alarming picture of the data collection practices in China.
Victor Gevers, a well-known security researcher with the non-profit GDI Foundation, discovered the data trove while searching for unprotected databases in China, and there are tens of thousands of them.
He detected the database on Friday and tweeted a screenshot with the fields available, making sure to redact any identifiable information. By sharing his finding, Gevers was hoping to alert the owner of the database so that steps could be taken to limit its exposure.
In China, they have a shortage of women. So an organization started to build a database to start registering over 1,8 million women with all kinds of details like phone numbers, addresses, education, location, ID number, marital status, and a "BreedReady" status? pic.twitter.com/fbRKsbNHPJ
— Victor Gevers (@0xDUDE) March 9, 2019
The most controversial field is 'BreedReady', which could indicate that the woman is of child-bearing age. Another interpretation is that this field indicates that the person may already have children.
Marital status == 已婚
BreadReady == 已育
Many Chinese Registration table include the above fields.
已育 means has children. I consider that programmer's English skill is poor.
— 玛莎拉弟 (@HugeCluster) March 10, 2019
The researcher also stated that the youngest woman with the status 'BreedReady:1' is 18 years old and the oldest is 39. If the BreedReady field meant that the person has children, it is strange that no one over 39 has a BreedReady value of 1.
The researcher also shared that most of the women are single (89%) and live in Beijing, with the youngest girl in the database being 15 years old.
Gevers says that he has seen his share of databases that include both an identity card number and a certificate number, but the fields in this collection "do not make any sense in a normal way."
There is also the 'HasVideo' status, which the researcher believes means that the persons are being watched or monitored.
The researcher could not identify the owner of the open database, but his online posts generated enough attention to alert the right party. He tweeted today that the database is no longer reachable over the internet.
While the collected information reaches a frightening new level, one explanation could be that the collection belongs to an online dating service that matches partners in Beijing according to criteria and details provided by the subscribers.
A darker alternative should not be dismissed, though. Only a week ago, Gevers found 18 unprotected databases with data from six social platforms in China. The content included names, ID numbers, photos, GPS locations, network info, public and private conversations, and file exchanges.
Update [03.22.19]: Victor Gevers discovered two other databases with a similar schema. They were hosted on servers linked to a university in Shandong. He learned from a student that the "BreedReady" database was part of a scientific project on using big data to solve a social problem. It originated from an official source and all identifiable information was real. It was exposed online because the internet provider had a misconfigured firewall that allowed external traffic.
The original dataset came from an official source / a town register. So all the identifiable information was real production data. According to the student, the ISP made a mistake by suddenly allowing traffic from the outside (via the internet) by making changes in the firewall.
— Victor Gevers (@0xDUDE) March 22, 2019
Comments
GT500 - 5 years ago
From 1980 to 2014 China had a strict "One-Child Policy", as well as a policy of forced sterilization:
https://www.nytimes.com/2017/01/07/world/asia/after-one-child-policy-outrage-at-chinas-offer-to-remove-iuds.html
Even though that may have changed, it makes sense that some agencies would keep databases of women with information on which ones were still capable of having children. Especially since the government had stated it would pay for removal of IUDs.
Also, in 2015 Amnesty International claimed that forced sterilization and forced abortions were not stopping in China, however I have not seen any other mention of these policies continuing:
https://www.amnesty.org/en/latest/news/2015/10/china-one-child-reform/
NoneRain - 5 years ago
Thanks for the relevant info with the sources.