A hacker has claimed to have acquired the personal data of 1 billion Chinese citizens from a Shanghai Police database. If the hacker’s claims are indeed true, it would rank among the greatest data breaches in history.
The hacker, who goes by the name ‘ChinaDan’, had posted on the hacker forum ‘Breach Forums’ last week, offered to sell more than 23 terabytes of data in exchange for 10 bitcoin, which is equivalent to around USD 200,000.
The post reads, “In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizens. Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”
Chinese officials are yet to react to the ‘data hack’ as of Monday.
He (the hacker) had downloaded the sample data available on the internet and found information related to his home county in Hunan province, said Yi Fu-Xian, a senior scientist at the University of Wisconsin-Madison.
Yi said, “The data contained information about almost all the counties in China, and I have even discovered data related to a remote county in Tibet, where there are only a few thousand residents.”
He further warned that the demographic trend extracted from the data is worse than what the officials have reported.
This is not the first time a data breach has happened in the country. China has witnessed numerous such data leak incidents over the past few years.
In 2016, sensitive information about Alibaba founder Jack Ma and other Chinese big shots was posted on Twitter.
Chinese authorities were shaken by these incidents. Last year, China enacted laws governing how private information and data generated within its borders should be handled.
On Weibo and WeChat social media sites over the weekend, there was a lot of discussion over ChinaDan’s post, with many users concerned that it might be authentic.
Despite the hashtag ‘Shanghai data leak’ being blocked on Weibo by Sunday afternoon, there were still some discussions on Chinese social media about this breach. Users expressed shock and despair, with some stating that they were now “transparent human beings”.
On Twitter, Kendra Schaefer, head of tech policy research at Beijing-based consultancy Trivium China, wrote, “it was hard to parse truth from rumour mill.”
If the information the hacker claimed to possess originated from the ministry of public security, Schaefer said it would be terrible for “a number of reasons.”
“Most obviously it would be among the biggest and worst breaches in history,” he added.
Following the discovery of the sale of records belonging to one billion residents of an Asian nation on the dark web by the exchange’s threat intelligence, Binance CEO Zhao Changpeng announced on Monday that the cryptocurrency exchange had strengthened its user-verification procedures.