One billion Chinese individuals’ personal information has allegedly been stolen by a hacker from the Shanghai police, which, according to cyber experts, would represent one of the greatest data breaches in history.
Last week, the “ChinaDan” internet user posted on the hacker Breach Forums offering to sell more than 23 gigabytes (TB) of data for 10 bitcoin, or almost $200,000.
“The Shanghai National Police (SHGA) database was compromised in 2022. Many TB of data and information about billions of Chinese citizens are contained in this database “claimed the post.
“Databases contain information on 1 billion inhabitants who are Chinese nationals and several billion case data, including name, residence, birthplace, national ID number, mobile number, and all crime/case details.”
Reporters were unable to confirm the post’s veracity.
On Monday, demands for comment were not answered by the Shanghai police or government.
The self-described hacker, ChinaDan, was likewise unreachable by reporters, but over the weekend, the post generated a lot of discussion on Weibo and WeChat in China, with many users concerned that it might be true.
By Sunday afternoon, the hashtag “data leak” had been disabled on Weibo.
It is “impossible to parse fact from the rumor mill,” wrote Kendra Schaefer, head of tech policy research at the Beijing-based consultancy Trivium China, in a post on Twitter.
If the information the hacker claimed to possess originated from the Ministry of Public Security, Schaefer said it would be terrible for “a number of reasons.”
It would undoubtedly rank among the worst and biggest breaches in history, she said.
The threat intelligence of the cryptocurrency exchange discovered the sale of documents belonging to 1 billion citizens of an Asian nation on the dark web, according to Zhao Changpeng, CEO of Binance, who said on Monday that the exchange has tightened user verification procedures.
He suggested on Twitter that a leak may have occurred as a result of “a problem in an Elastic Search deployment by a (government) agency,” but he did not specify whether the Shanghai police case was the subject of his comment. A request for additional comment did not receive a prompt response from him.
The hacking claim comes at a time when China has committed to strengthening the security of internet user privacy, ordering its tech titans to ensure safer storage in response to widespread complaints about improper handling and abuse.
China approved new legislation governing the handling of personal data and data generated within its borders last year.
