Alleged Chinese police database hack leaks data on 1 billion people

HONG KONG – Hackers claim to have obtained a trove of data on 1 billion Chinese people from a Shanghai police database in a leak that, if confirmed, could be one of the world’s biggest data breaches in history.

In a post on the online hacking forum Breach Forums last week, someone using the handle “ChinaDan” offered to sell nearly 24 terabytes (24TB) of data, including what he claimed was information on 1 billion people and “several billion records”, for ten Bitcoin, worth about $200,000.

The data allegedly includes information from the Shanghai National Police database, including names, addresses, national identification numbers and mobile phone numbers, as well as case details.

A sample of data viewed by The Associated Press lists names, birth dates, ages and cell phone numbers. One person was listed as born in “2020”, with their age listed as “1”, suggesting information about minors was included in the data obtained during the breach.

The Associated Press could not immediately verify the authenticity of the data samples. Shanghai police did not immediately respond to a request for comment.

The data leak initially sparked discussions on Chinese social media platforms such as Weibo, but censors have since decided to block keyword searches for “Shanghai data leak”.

One person said he was skeptical until he managed to verify some of the personal data leaked online by trying to search for people on Alipay using their personal information.

“Everyone, be careful in case there are more phone scams in the future!” they said in a Weibo post.

Another person commented on Weibo that the leak means everyone is “running naked” – slang used to refer to a lack of privacy – and it’s “horrifying”.

Experts said the breach, if confirmed, would be the largest in history.

Kendra Schaefer, technology partner at political research firm Trivium China, said in a tweet that it’s “difficult to analyze the truth of the rumor, but can confirm the file exists.”

Such data leaks are quite common, according to Michael Gazeley, managing director of Hong Kong-based security firm Network Box.

“There are currently around 12 billion compromised accounts published on the Dark Web. That’s more than the total number of people in the world,” he said, adding that the majority of data leaks often come from the United States.

Chester Wisniewski, a senior researcher at cybersecurity firm Sophos, said the breach is “potentially incredibly embarrassing to the Chinese government” and the political harm would likely outweigh any harm to the people whose data was leaked.

Most of the data is similar to what advertising companies running banner ads would have, he said.

“When you’re talking about information about a billion people and it’s static information, it’s not about where they traveled or who they communicated with or what they did, then it becomes a lot less interesting,” Wisniewski said.

Yet, once hackers obtain data and put it online, it is impossible to delete it completely.

“The information, once it gets out, is still out there,” Wisniewski said. “So if anyone believes their information was part of this attack, they should assume that it is still available to everyone and they should take precautions to protect themselves.”

A major cryptocurrency exchange said it had tightened verification procedures to guard against fraud attempts such as using personal information from the reported hack to take control of people’s accounts.

Zhao Changpeng, CEO of Binance, a cryptocurrency exchange, said in a tweet on Monday that its threat intelligence detected the sale of “1 billion resident records”.

“This impacts hacker detection/prevention measures, mobile numbers used for account takeovers, etc.” Zhao wrote in his tweets, before saying that Binance had already tightened verification measures.

In 2020, a major cyberattack allegedly carried out by Russian hackers compromised several US federal agencies, such as the State Department and the Department of Homeland Security, as well as telecommunications companies and defense contractors.

Last year, more than 533 million Facebook users had their data posted to a hacking forum after hackers grabbed their data due to a vulnerability that has since been patched.

——

AP reporter Emily Wang in Beijing and researcher Chen Si in Shanghai contributed to this report.
