Explicit Photos, Audio, and Video, Leaked from a Private Social Network (130K+)
Table of Contents
- By Dawna M. Roberts
- Published: Nov 12, 2020
- Last Updated: Mar 18, 2022
CyberNews reported this week that more than 130K explicit pictures, audio clips, and videos were leaked from a database that belongs to a private social network.
LimitChat Users at Risk
Although the information about the treasure trove of explicit content is unclear, evidence suggests that it belongs to a Chinese company that has been siphoning off data from various social media platforms, one in particular called LimitChat.
The bucket was found unsecured on Amazon S3, and after exposure, Amazon shut it down. Except for the images and multi-media content, there is no personally identifiable information to be concerned about; however, the photos are enough. Most are "not" of people's faces.
Experts believe that these pictures were collected as part of a ransomware attack where the owners would be contacted and asked for money to remove them or destroy the evidence. Threat analysts warn LimitChat users to be aware that hackers could approach them with such intent. They also cite the developers of LimitChat with the responsibility of not having secured their platform well enough.
China at it Again
The Chinese-based company TikTok was recently accused of spying on users and collecting data, and due to Chinese evidence found in this new data leak, experts are wondering if it isn't all connected.
Just last month, Gizmodo reported that a data leak exposed another Chinese firm that collected millions of pieces of data from social media, including that of 50,000 Americans. Researchers discovered the database containing 2.4 million people's social media feeds in mid-September. Cybersecurity researchers in Australia posted an article that cited a Beijing company called Shenzhen Zhenhua Data Technology who owned the database. Their report mentioned that the data was "compiled from various sources [and] is technically complex using very advanced language, targeting, and classification tools."
What Does China Want with the Information?
Some of the data they found was obtained legally through data scraping, but the majority appears to have been grabbed from private sources, possibly illegally. The technology used was quite sophisticated, researchers commented.
What concerns researchers the most is what the data is being used for. Various reports litter the internet about Chinese-backed hacking attacks and the collection of vast storehouses of data to be used for multiple agendas. Although the data exposed a lot of personal users' lifestyle data, it's nothing that can be used against the federal government or for military targeting.
The two researchers responsible for finding the data say that "The data collected about individuals and institutions and the overlaid analytic tools from social media platforms provide China enormous benefit in opinion formation, targeting, and messaging. From the assembled data, it is also possible for China even in individualized meetings to be able to craft messaging or target the individuals they deem necessary to target."
The Bottom Line
The bottom line is that it's anyone's guess what the information is for and how they expected to use it. According to Gizmodo in their recent article, "China has built an elaborate domestic digital surveillance state involving everything from face recognition to content monitoring and censorship, but it's not by any stretch of the imagination the only actor scraping the web. U.S. firms do too, whether it's the incomprehensible amount of data sucked up for marketing purposes or shady face recognition companies working with police. Anyone exposed in a prior data breach could find their information resurfacing any number of other places.”
When pressed by the Guardian, a company spokesperson told them, "Our data are all public data on the internet. We do not collect data. This is just a data integration. Our business model and partners are our trade secrets. There is no database of 2 million people." They followed that up with, "We are a private company,. Our customers are research organisations and business groups." Time will tell.