- China has reportedly blocked news about a hacker who claimed to have stolen a local police database and subsequently offered to sell it for 10 bitcoin (about $200,000).
- The leaked Shanghai National Police database allegedly contains 23 terabytes of data including personal information from 1 billion Chinese citizens.
- The breach remains unconfirmed and Chinese authorities have yet to make a public statement regarding the issue.
China is reportedly blocking news about a hacker who claimed to have stolen a police database containing information on 1 billion citizens and offered to sell it for 10 bitcoin (approximately $200,000).
The anonymous hacker, who goes by the username ChinaDan, said the database contains more than 23 terabytes of data including personal information, such as addresses, mobile numbers and criminal histories.
“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizens,” ChinaDan posted on Breach Forums.
“Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”
The authenticity of the post remains in question as of this writing. But if such a leak was true, it would be one of the biggest data breaches in history, according to experts.
The post has since made its way to Chinese social media, but censors moved quickly to block related searches.
Hashtags like “data leak,” “Shanghai national security database breach” and “1 billion citizens’ records leak,” which had raked millions of engagements, were blocked on Weibo, according to the Financial Times. WeChat also removed the news, including a post from a prominent blogger that discussed the impacts of the breach.
Samples from the leak appear to be real. The New York Times reported four people from one sample as confirming their details, while four others confirmed their names before hanging up.
So far, Shanghai authorities have also kept quiet on the news. Alibaba, which reportedly owns the cloud service from which the stolen data was allegedly retrieved, has also declined to comment.
In response to the controversy, Binance Chief Executive Officer Zhao Changpeng said the cryptocurrency exchange had tightened user verification processes after detecting the sale of records on one billion residents of an Asian country on the dark web. On Twitter, he said the leak may have occurred as a result of “a bug in an Elastic Search deployment by a (government) agency.”
Meanwhile, Chinese social media users are encouraging each other to exercise caution. It turns out the breach may also contain data from minors, with one person being listed as born in 2020 and their age as “1.”
“Everyone, please be careful in case there are more phone scams in the future,” one wrote on Weibo.
Featured Image via Pixahive (representation only)