Close this search box. white logo

CloudDefense.AI Discovers Over 3.3 Millions of Chinese IDs Exposed Online

New cybersecurity concerns have risen as a security researcher has made an alarming discovery millions of data lying on the internet pertaining to Chinese citizens who have shopped from a specific ecommerce site. 

The finding was discovered by CloudDefense.AI recently. Our cybersecurity researcher, Viktor Markopoulos, has reported the issue. He further added that the data was extracted from a database belonging to a Chinese e-commerce site named Zhefengle that provided import services to its clients. 

Immediate Actions Taken

Shortly after the discovery, the e-commerce site was contacted with the details of its breach, and the database was made inaccessible to the Internet. A C-level executive from the site responded that they’ve mitigated the vulnerability and are currently conducting an internal audit to derive the cause of the exposure. 

CloudDefense.AI Discovers Over 3.3 Millions of Chinese IDs Exposed Online

Viktor also mentioned that the database was not password-protected and contained approximately 3.3 Million orders made to the site. It consisted of the addresses where the orders were shipped, the personal phone numbers, and the Chinese resident identity card numbers of the respective customers. 

As verified by him, almost all online import service providers in China require their customers to upload pictures of their Identity Card numbers on their platforms before their orders are processed. 

Duration of Exposure

As reported on Tech Crunch, we haven’t found out how long the database has been available on the Internet, but we have derived that it contains orders from 2015 up to 2020. Being unprotected, anyone connected to the internet could access the database simply through their browsers. 

Though the damage done is still unknown, it raises concerns about identity theft and other probable malicious activities carried out by threat actors.  

Learning from this Incident

This data breach stands as a lesson for all companies worldwide, showing them how data security cannot be taken lightly at all. Viktor highlights the importance of using password protection and other authentication methods very strongly as he studies the case.

Encrypting data and only storing it in personal servers is just as necessary so that the data cannot be decoded even if there is an exposure. Viktor went on to say that the exposure wouldn’t have taken place if the company had kept the database secure with a VPN and a firewall. 

How CloudDefense.AI can help you to stay protected

CloudDefense.AI strives to save its clients from such data breaches. Our top-of-the-market CNAPP ensures cloud security is not compromised as we help enterprises implement access controls, identity management, and other user authentication methods. 

We excel in providing you with Application security tools that ensure security is maintained throughout the development cycle, keeping vulnerabilities as low as possible. That’s not all; we provide an unfair advantage over cyberattackers as you identify exposable vulnerabilities through our game-changing Hacker’s View™ capabilities, outsmarting any cloud security tool in the market.  


In summary, CloudDefense.AI’s Viktor Markopoulos has done an outstanding job by discovering a major cybersecurity breach at an e-commerce site named Zhefengle that left nearly 3.3 Million citizens exposed to identity theft. Zhefengle, once notified, took down their database from the internet. This incident serves as a crucial lesson for all companies on the importance of data security.

Blog Footer CTA
Table of Contents
favicon icon
Are You at Risk?
Find Out with a FREE Cybersecurity Assessment!
Picture of Anshu Bansal
Anshu Bansal
Anshu Bansal, a Silicon Valley entrepreneur and venture capitalist, currently co-founds CloudDefense.AI, a cybersecurity solution with a mission to secure your business by rapidly identifying and removing critical risks in Applications and Infrastructure as Code. With a background in Amazon, Microsoft, and VMWare, they contributed to various software and security roles.
Protect your Applications & Cloud Infrastructure from attackers by leveraging CloudDefense.AI ACS patented technology.

579 University Ave, Palo Alto, CA 94301

Book A Free Live Demo!

Please feel free to schedule a live demo to experience the full range of our CNAPP capabilities. We would be happy to guide you through the process and answer any questions you may have. Thank you for considering our services.

Limited Time Offer

Supercharge Your Security with CloudDefense.AI