Chinese company leaves Muslim-tracking facial recognition database exposed online | ZDNet

One of the facial recognition databases that the Chinese government is using to track the Uyghur Muslim population in the Xinjiang region has been left open on the internet for months, a Dutch security researcher told ZDNet.

The database belongs to a Chinese company named SenseNets, which according to its website provides video-based crowd analysis and facial recognition technology.

Yesterday, Victor Gevers, a well-known security researcher that made a name for himself in the past few years by finding leaky MongoDB databases did what he does best and found one of SenseNets' MongoDB databases that had been left exposed online without authentication.

Gevers told ZDNet that the database contained information on 2,565724 users, along with a stream of GPS coordinates that came in at a rapid pace.

The user data wasn't just benign usernames, but highly detailed and highly sensitive information that someone would usually find on an ID card, Gevers said. The researcher saw user profiles with information such as names, ID card numbers, ID card issue date, ID card expiration date, sex, nationality, home addresses, dates of birth, photos, and employer.