An anonymous hacker has stated that he has successfully infiltrated the Shanghai police department’s database. In doing so, he apparently extracted personal information of a staggering one billion Chinese citizens.
The individual, ‘ChinaDan’, took sole responsibility for the data breach. As reported by Reuters and PCMag, he detailed the incident on hacker forum Breach Forums.
He’s currently offering the huge amount of information for 10 Bitcoins, which would translate to around $200,000 at current rates. The aforementioned data is said to equal 23 terabytes (TB) in size.
Dan said he obtained the files containing the names, addresses, and mobile numbers from the Shanghai National Police (SHGA) database.
He also reportedly managed to gain access and retrieve the birthplaces, national ID numbers, and every single crime case related to the one billion citizens, all of whom are based primarily in China.
Currently, Reuters wasn’t able to confirm whether the claim of the post is indeed real. The Shanghai government and its police department have yet to comment on the situation since it materialized earlier this week.
That said, Zhao Changpeng, CEO of popular cryptocurrency exchange Binance, confirmed that the company has intensified its user verification processes. Why? Its threat intelligence arm detected that these records are now being sold on the dark web.
The leak could be attributed to “a bug in an Elastic Search deployment by a (government) agency, he detailed in a tweet. “This has impact on hacker detection/prevention measures, mobile numbers used for account takeovers, etc.”
He continued that “apparently, this exploit happened because the gov developer wrote a tech blog on CSDN [the China Software Developer Network] and accidentally included the credentials.”
Kendra Schaefer, the head of tech policy research at consultancy Trivium China, said that if the data was actually obtained via the Ministry of Public Security, it would naturally be bad for “a number of reasons. Most obviously it would be among [the] biggest and worst breaches in history,” she said.
Indeed, if the claim from the hacker is ultimately verified, then the cyber incident would rank as probably the largest data breach in history.
The post from ChinaDan itself is already generating a considerable amount of discussion on Chinese social media platform Weibo, as well WeChat throughout the weekend. In fact, the hashtag “data leak” was blocked on Weibo by Sunday afternoon, according to Reuters.
Elsewhere, an underground online marketplace that sold the personal details of around 24 million U.S. citizens was recently shut down. The service’s profits, meanwhile, far exceeds Dan’s $200,000 asking price — since April 2015, blockchain analysis company Chainalysis confirmed that it found $22 million in Bitcoin transactions retrieved by SSNDOB.
2022 has undoubtedly been a busy year for hackers in general. There have been a number of unprecedented situations related to the hacking scene, ranging from various shutdowns such as the largest dark web marketplace being taken offline, to Microsoft launching its own cybersecurity initiative to combat the sheer rise in cybercrime.
