Hacker Claims To Have Police Database of Over a Billion Chinese Citizens
A hacker claims to have breached the Shanghai police database and stolen the data of over a billion Chinese citizens.
According to Bleeping Computer, the person or group in question, who goes by the handle “ChinaDan” online, is now attempting to sell the 23 terabytes of stolen data for 10 bitcoin, which is worth approximately about US$195,000. The data reportedly contains names, residences, birthplaces, national ID and contact numbers, along with criminal information and records that dated as far back as 1995.
At first, it wasn't clear how the hacker (or hackers) managed to access the Shanghai National Police (SHGA) database, which prompted questions about the credibility of the claims. The hacker then provided some samples of the data to be verified by anyone who was interested. Reporters called some of the numbers listed on the samples and verified the legitimacy of the stolen data.
The threat actor later posted in a forum that the data was stolen from a local private cloud provided by Aliyun, the cloud computing subsidiary of Alibaba. Binance CEO Zhao Changpeng said his company's cybersecurity experts confirmed the claims and cites a bug in an Elasticsearch database that was deployed by a government agency. Elasticsearch is an open-source search and analytics engine that handles large volumes of data. Alibaba said it's investigating the matter.
Bloomberg reports that Shanghai authorities have yet to publicly respond to the alleged breach. Meanwhile, the Cyberspace Administration of China, the internet authority in the country, did not respond to a request for comment. The punishment for exposure of personal information, under Chinese law, is jail time.
Considering the scale of the alleged breach, the incident is said to be triggering much speculation online. Some cybersecurity experts are already calling it the biggest cybersecurity breach in China's history. However, it remains to be seen what the government will disclose regarding the breach, given its track record of keeping such incidents out of public attention.
A hacker claims to have breached Shanghai police database and stolen the data of over a billion Chinese citizens.
The person or group in question, who goes by the handle “ChinaDan” online, is now attempting to sell the 23 terabytes of stolen data for 10 bitcoin, which is approximately worth about US$195,000.
Reporters managed to verify the legitimacy of the stolen data through samples provided by the hacker.