A hacker has claimed to have stolen a trove of personal information from the Shanghai police on one billion Chinese citizens.
Last week, an anonymous internet user going by the name of ‘ChinaDan’, posted on the hacker forum Breach Forums offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, equivalent to about £16,409.
‘In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizen,’ the post said.
‘Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details,’
On Monday, reporters from the Wall Street Journal downloaded the sample the hacker provided and called dozens of people listed, of which nine picked up and verified the data to be authentic.
On Monday, Zhao Changpeng, CEO of Binance, tweeted that the cryptocurrency exchange had stepped up user verification processes after the exchange’s threat intelligence detected the sale of records belonging to 1 billion residents of an Asian country on the dark web.
A hacker is selling an alleged 1 billion Chinese citizens’ information stolen from Shanghai police. @rachelliang5602 & I downloaded the sample the hacker provided and called dozens of people listed. Nine picked up & confirmed exactly what the data said. https://t.co/X0VhJaWjvb
Changpeng said that a leak could have happened due to ‘a bug in an Elastic Search deployment by a (government) agency’, without saying if he was referring to the Shanghai police case.
The scale of the attack would make it one of the biggest and worst data breaches in history.
The timing of the hack comes just a year after China passed new laws governing how personal information and data generated within its borders should be handled.
China’s Personal Information Protection Law requires government bodies to protect the information of citizens which in this case, if the source of the leak is the Shanghai National Police, the state has failed to do.
The country had vowed to improve the protection of online user data privacy, instructing its tech giants to ensure safer storage after public complaints about mismanagement and misuse.
Source: Read Full Article