-
A threat actor claims to be selling data allegedly linked to Tianyancha, one of China’s largest corporate intelligence and business information platforms.
-
The listing advertises roughly 2 million records containing company-related information, contact details, and business registration data.
-
Security analysts warn that if the dataset proves authentic, threat actors could use the information to support phishing campaigns, business email compromise schemes, and corporate espionage operations.
A threat actor has reportedly listed a database allegedly connected to Tianyancha for sale on a cybercrime platform, raising concerns about the potential exposure of millions of corporate records.
Tianyancha ranks among China’s most widely used business intelligence and corporate information services. Companies, investors, compliance teams, and researchers frequently rely on the platform to conduct due diligence, assess risks, verify suppliers, and investigate corporate entities.
Threat Actor Advertises Alleged Tianyancha Database
According to the sale listing, the dataset contains approximately 2 million records. The threat actor claims the information includes company names, corporate registration details, industry classifications, government registration identifiers, company status records, email addresses, mobile phone numbers, business scope information, legal representative details, and credit-related operational data.
The sample data shared in the advertisement appears to focus primarily on corporate and business intelligence records rather than personal consumer accounts.
At the time of reporting, no independent verification has confirmed the authenticity of the dataset or the threat actor’s claims. Tianyancha has not publicly confirmed any security incident related to the alleged records.
Corporate Intelligence Platforms Remain Attractive Targets
Business intelligence platforms hold vast amounts of corporate metadata gathered from both public and proprietary sources. As a result, cybercriminals often view them as valuable repositories of commercial intelligence.
Security analysts note that platforms such as Tianyancha provide visibility into company structures, ownership relationships, executive information, operational details, and business networks. If threat actors gain access to such information, they can potentially build detailed profiles of organizations across multiple industries.
The alleged dataset’s inclusion of company contact information and business registration records could make it particularly attractive to cybercriminal groups seeking to identify high-value targets. Attackers frequently combine information from multiple sources to increase the effectiveness of their operations and improve the credibility of fraudulent communications.
Researchers also point out that corporate data often retains value for extended periods because ownership structures, business relationships, and organizational hierarchies do not change as rapidly as personal consumer information.
Corporate access is also being sold on dark web markets. Hackers are offering corporate network and Italian airport access for sale, showing how criminals monetize business infrastructure in different ways.
Analysts Warn of Potential Cybersecurity Risks
According to cybersecurity analysts, a dataset of this scale could create significant risks if malicious actors obtain and weaponize the information.
The experts explain that threat actors often use corporate intelligence records to conduct targeted phishing campaigns against employees and executives. Access to company structures and contact details can help attackers craft convincing messages that appear legitimate.
Analysts further note that criminals may leverage such information to support business email compromise attacks, supply chain intrusion attempts, and broader corporate espionage activities.
Detailed visibility into ownership networks, operational relationships, and organizational contacts can provide adversaries with valuable intelligence for planning future campaigns.
According to the analysts’ assessment, verified access to extensive corporate records could give cybercriminal groups, fraud operators, and even state-aligned actors deeper insight into business operations, ownership connections, and internal structures across affected organizations.
For now, the reported sale remains an unverified claim. However, the incident highlights the growing value of corporate intelligence databases within underground cybercrime markets and the increasing interest threat actors show in large-scale business information repositories.
