According to Victor Gevers, co-founder of GDI Foundation, the Beijing firm SenseNets Technology has "highly detailed and highly sensitive information" on millions of residents in China's Xinjiang which was laid open for anyone with the proper URL.
The breached data included residents' names, ID card numbers, addresses, dates of birth, employers, as well as a list of GPS coordinates updating in real time. The GPS data points were also marked with descriptions such as "mosque," "hotel" or "internet cafe."
"It was fully open and anyone without authentication had full administrative rights. You could go in the database and create, read, update and delete anything," Gevers — whose GDI group aims to "detect & analyze high risk ‘criminal' opportunities, share the risk and vulnerabilities with everybody, inform the ones who are at risk and give free advice about a solution," said, cited by the South China Morning Post (SCMP).
According to Gevers, he quickly informed SenseNets of its vulnerability. Although the technology firm did not respond directly to him, they have since taken steps to protect their data, according to SCMP.
China has faced backlash from foreign governments and activists over the country's detention and surveillance of millions of its Muslim Uyghur minority. The Uyghurs, a Turkic ethnic group concentrated in the country's northwest, mainly in Xinjiang province, have an estimated population of about 10 million, although some estimates suggest that number is too low.
In recent years, Beijing has expanded its mass surveillance network, claiming to use artificial intelligence, facial recognition and massive data collection as a means to reduce crime rates in the countryside, an area the government claims is short of security forces.
In December 2018, a bathroom in the Baotu Spring Park in Jinan, the capital of China's Shandong province, saw the installation of facial-recognition technology in a toilet paper dispenser to cut down on theft and waste, Sputnik previously reported.