Shanghai Jiao Tong University in China was found to have leaked a huge amount of metadata related to a vast number of emails.
According to the report from RainbowTable.ES, 9.5 billion rows of data which roughly translates to 8.4TB of data were exposed. The data was email metadata from a popular self-hosted email platform known as Zimbra. The platform is owned by Synacor.
The email platform’s database was said to have been growing significantly even after the leak was discovered. In fact, the database had grown to 8.4TB on May 24 from the 7TB on May 23. The university was notified of the database leak on May 22 and the database was secured by the University’s security team on May 24.
The researcher was able to locate all email being sent or received by a specific person based on the leaked metadata. Additionally, the metadata also included the IP address and user agent of the person checking their email. This means that all the IPs used and device type of a specific person can also be ascertained. Specifically, the metadata could be used to discover high-level details of a specific email exchange. This includes email address sending or receiving an email from a different email address.
The leak was reported and acted upon promptly by the Shanghai Jiao Tong University’s security team. They immediately secured the database as soon as they were notified of the leak but the University has not notified the affected students yet or stated whether they have any intention of doing so.
Shanghai Jiao Tong University has often bee known as the “The MIT of the East” since the 1930s. It has more than 41,000 enrolees consisting of undergrad, masters, and Ph.D. programs. With the amount of metadata leaked, who knows how many of these students were affected and their information exposed – even if only for a brief time. It’s a good thing the email metadata did not contain the subject line or the body of the emails.