A data leak discovered by a Dutch internet expert has revealed over 2.5 million people who are under active surveillance by a Chinese government contractor, reports Reuters.

FILE PHOTO - Security cameras are installed at the entrance to the Id Kah Mosque during a government organised trip in Kashgar, Xinjiang Uighur Autonomous Region, China, January 4, 2019. Picture via REUTERS/Ben Blanchard

An exposed database maintained by Shenzhen-based facial-recognition technology company SenseNets Technology revealed ID card numbers, birth dates and location data which went unprotected for months, according to Victor Gevers, co-founder of GDI.Foundation - a nonprofit organization which hunts for critical vulnerabilities around the internet.

Exposed data also showed about 6.7 million location data points linked to the people which were gathered within 24 hours, tagged with descriptions such as “mosque”, “hotel,” “internet cafe” and other places where surveillance cameras were likely to be found. -Reuters

"It was fully open and anyone without authentication had full administrative rights. You could go in the database and create, read, update and delete anything," said Gevers.

SenseNets contracts with police departments across China, and is a subsidiary of Shenzhen-listed NetPosa Technologies Ltc, which has offices in several Chinese provinces and regions, including Xinjiang.

Gevers said GDI.Foundation immediately alerted SenseNets to the vulnerability. While they did not respond, they took steps to secure the database.

Beijing has been at the forefront of facial recognition technology, such as their "SkyNet" system deployed in over 16 provinces, cities and autonomous regions which can instantly scan faces and compare them to a database of criminal suspects at a speed of 3 billion times per second, according to People's Daily.