Hacker Claims to be Selling Leaked Data of a Billion Chinese Citizens

News

An anonymous hacker has claimed to have obtained the personal information of a billion Chinese citizens, allegedly stolen from the Shanghai police, in what could be the biggest data breach in history if true.

July 5, 2022

The person or the group claiming the attack, self-identified as “ChinaDan,” listed the 23 terabytes of data on sale for 10 bitcoin (approximately US$197,000) on the underground cybercrime forum Breach Forum on Thursday, which was taken down on Sunday by forum administrators.

Asiamarkets.com, however, kept a screenshot of the post.

"In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens," the post said.

The records on sale on the dark web contains the names, addresses, birthplaces, national IDs, phone numbers, and police records of residents, according to the post.

ChinaDan provided a sample database of 750,000 records to show interested buyers that the information for sale was legitimate.

Binance CEO Zhao Changpeng tweeted on Sunday that his company's threat intelligence experts detected the hacker’s claims, saying that the leak was likely caused by a bug in the ElasticSearch database, a search engine, that a Chinese government agency used.

The hacker claimed that the data was extorted from Aliyun, a cloud computing system and subsidiary of Alibaba Group, which they said hosts the Shanghai police database.

Although the leak’s scope and accuracy remains unconfirmed, Wall Street Journal reached out to several of the citizens whose data was leaked, some of whom verified that the information was, in fact, correct.

Data leaks have been spreading more and more in recent years, with over 22 billion records exposed in the past year, according to a cybersecurity report.

In 2021, Beijing passed the Personal Information Protection Law in response to growing public discontent with the increased data breaches. Recent leaks include the Xinjiang Police Files in 2022, which are records hacked from the Chinese police proving human rights abuses against ethnic Uyghurs according to rights groups; and the 2020 alleged hack into the Twitter-like service Weibo Corp., compromising account information of over 500 million users.