Chinese Hacker Sells Police Data On 1-B Citizens For $200,000
A hacker claims to have obtained a wealth of personal information on 1-Billion Chinese individuals from the Shanghai police, which, if accurate, would be one of the largest data breaches in history, according to cyber experts, Brenda Goh, Sophie Yu, Stella Qiu, Eduardo Baptista and Josh Ye reported for Reuters.
Photo Insert: A police station in Shanghai
Last week, an anonymous internet user identified as "ChinaDan" posted on the hacker forum Breach Forums offering to sell more than 23 terabytes (TB) of data for 10 bitcoins, almost $200,000.
"In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens," according to the post.
"Databases contain information on 1-Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details."
Reuters was unable to contact the self-proclaimed hacker, ChinaDan, but the post was widely debated on China's Weibo and WeChat social media sites over the weekend, with many users concerned that it was genuine.
By Sunday afternoon, the hashtag "data leak" had been removed from Weibo. If the material the hacker claimed to have come from the Ministry of Public Security, it would be bad for "a number of reasons," said Kendra Schaefer, head of tech policy research at Beijing-based consultancy Trivium China.
"Most obviously, it would be among the biggest and worst breaches in history," she said.
Binance CEO Zhao Changpeng announced on Monday that the cryptocurrency exchange had increased user verification processes after the business's threat intelligence spotted the sale of records belonging to 1-Billion Asian people on the dark web.
He stated on Twitter that a leak could have occurred as a result of "a bug in an ElasticSearch deployment by a (government) agency," but did not specify if he was referring to the Shanghai police case. He did not react promptly to a request for additional comment.