An unsecured database online has been discovered by Victor Gevers, of the non-profit group GDI.Foundation, which supports an open internet. The database reportedly contains the name, sex, ethnicity, ID number, birth date and employer of residents in China’s western province of Xinjiang.
It also included 6.7m location points of “trackers” that residents had passed in the last 24 hours, including mosques, hotels, police stations and internet cafes. Trackers can be CCTV cameras as well as handheld devices equipped with cameras or ID scanners.
As reported by the Guardian, the database, by Shenzhen-based SenseNets Technology, appeared to have been open and accessible by anyone for the last seven months.
“This insecure face recognition/personal verification solution is built and operated for only one goal. It’s a ‘Muslim tracker’ funded by Chinese authorities in the province of Xinjiang to keep track of Uyghur Muslims,” Gevers posted on Twitter.
According to a report last year by Human Rights Watch, many Uighur families have QR codes fixed to their homes so local police can scan them for the family’s details.
According to the Guardian, SenseNets (which works with Chinese police) secured the database after Gevers flagged the breach. According to its website, the company offers “intelligent video analysis”, with facial recognition, real-time crowd analysis and verification software.
Neither SenseNets nor the Xinjiang regional government have commented on the database.