A Shanghai, China police database with information on one billion Chinese citizens has been put up for sale on Breach Forums, an international forum frequented by hackers. Names, addresses, mobile numbers and in some cases even criminal records sold for 10 Bitcoins, a figure in virtual currency worth 200 thousand dollars. If all of this is confirmed by the authorities, it would be one of the largest personal data breaches in history.
The post of the user ChinaDan, whose identity has not yet been managed, appeared on the forum on July 3 and immediately reached 300 thousand views and 177 responses. “In 2022, the Shanghai National Police database was leaked. This contains many terabytes of data and information on billions of Chinese citizens,” reads the announcement which was soon removed by the administrators from the forum but of which photos are circulating online. Someone also had time to make their offer: 6 Bitcoins, about 116 thousand dollars to obtain the 23 terabytes of data.
TikTok, data of American users accessible from China: the social network defends itself
by Natasha Caragnano
“The databases contain information on one billion residents … name, address, place of birth, national identification number, mobile number, all the details of the crime / case.” And to prove he wasn’t kidding, ChinaDan released a sample set of 750,000 data. When a reporter from the US newspaper The New York Times tried to call the phone numbers that appeared in the long list, several people confirmed their name and the information that appeared in the ChinaDan set. But no one said they were aware of the data leak.
The Chinese authorities have not confirmed the news and the Shanghai Police Department has not yet responded to several requests for comment from the international media. On Chinese social networks, such as Weibo, the hashtag “Data leak” has been blocked and any posts or news have been removed. This is only the latest, and perhaps the most serious, incident of this type. In 2016, information about influential people such as the founder of the e-commerce platform Alibaba was posted on Twitter, Jack Ma. This has led China to pass a series of laws governing how personal data is handled within its borders.
The problem is that if the government doesn’t protect its citizens’ data, there are no consequences, he explained Wang Yaqiu, researcher for Human Rights Watch. In Chinese law, “there is vague language about whether state data managers are responsible for ensuring data security. And ultimately, there is no mechanism for holding government agencies responsible for data leaks.”
Hong Kong, the last governor Chris Patten: “China has betrayed its promises. It cannot be trusted”
by our correspondent Gianluca Modolo
On social networks, several analysts questioned ChinaDen’s true nature as a hacker. The asking price for such important and detailed information would be too low in comparison to the work done. This is why many think that the anonymous user is not a professional hacker, but someone who has stumbled upon the data and thought of making some money out of it.
Tim Culpanreporter from the news agency Bloombarg who deals with technology in Asia, explained that while hackers try to break into a computer system, using malware and phishing attacks, this breach appears to be much simpler. It appears that a software developer may have left an access key visible in an online code repository, which is used by many professionals to store copies of their projects’ code.
According to the CEO of Binance, the world‘s largest digital currency exchange platform, Zhao Changpeng, “the data leak happened because the developer wrote a technology blog on the China Software Developer Network and accidentally included the credentials,” he tweeted referring to the software developer network in China. But whether it was the result of a plan developed by a talented hacker or a data leak due to technical errors, one cannot ignore the fact that a billion people have been victims of yet another digital breach caused by bad guys safety practices.