The exposed data, now disappeared from the internet, belongs to a tech company called Xinai Electronics based in Hangzhou district, reports TechCrunch.
In volume, the cyber heist is second to another massive data leak of 1 billion records from a Shanghai police database last month.
In both the cases, the data was likely exposed “inadvertently and as a result of human error”, the report mentioned.
Xinai Electronics uses facial recognition to build systems for controlling access for people and vehicles to workplaces, schools, construction sites and parking garages across China.
It also uses facial recognition for “personnel management, like payroll, monitoring employee attendance and performance”.
Its Cloud-based vehicle license plate recognition system allows drivers to pay for parking in unattended garages.
Security researcher Anurag Sen found the exposed database on an Alibaba-hosted server in China and shared the information with TechCrunch.
The database included links to high-resolution photos of faces and also had records of vehicle license plates collected by Xinai cameras in parking garages, driveways and other office entry points, the report noted.
Xinai Electronics did not comment and the exposed database disappeared by mid-August, said the report.
Last month, sensitive personal information about more than a billion people was leaked from the Shanghai National Police (SHGA) database and was put up for sale on the Dark Web for 10 Bitcoins.
Rattled by the data leak, the Chinese authorities summoned executives and senior technicians from Alibaba Group, after the hacker claimed the data came from Alibaba server.
China Premier Li Keqiang had stressed about data security, calling on government bodies to “defend information security” after the incident.