A Chinese surveillance firm is tracking the movements of more than 2.5 million people in the far-western Xinjiang region, according to a data leak flagged by a Dutch internet expert.
An online database containing names, ID card numbers, birth dates and location data was left unprotected for months by Shenzhen-based facial-recognition technology firm SenseNets Technology, according to Victor Gevers, co-founder of non-profit organisation GDI.Foundation, who first noted the vulnerability in a series of social media posts last week.
Exposed data also showed about 6.7 million location data points linked to the people which were gathered within 24 hours, tagged with descriptions such as "mosque", "hotel", "internet cafe" and other places where surveillance cameras were likely to be found.
"It was fully open and anyone without authentication had full administrative rights. You could go in the database and create, read, update and delete anything," Gevers said.