12306

In 2018, a massive data leak occurred at 12306.cn, a Chinese railway ticketing website. The leak exposed the personal information of over 585,000 users, including their names, ID numbers, phone numbers, email addresses, and travel history.

The leak was initially discovered by security researchers at Qihoo 360, a Chinese cybersecurity firm. The researchers found that a misconfigured Amazon Web Services (AWS) S3 bucket was storing the sensitive data without proper access controls. This allowed anyone with the buckets URL to access and download the data.

The leaked information was highly sensitive and could potentially be used for identity theft, fraud, or other malicious purposes. The Chinese government launched an investigation into the leak, and the websites operator was fined for failing to adequately protect user data.