An unknown hacker has claimed to have stolen data on one billion Chinese citizens from Shanghai police, which, if true, would make it one of the biggest data breaches in history, industry watchers said.
An internet user using the name ChinaDan said on hacker forum Breach Forums last week he wanted to sell the data, making up more than 23 terabytes of information, for 10 Bitcoin, or about $200,000 (£165,000).
The user claimed the data included information such as names, addresses and national ID numbers.
“In 2022, the Shanghai National Police (SHGA) database was leaked,” the user wrote. “This database contains many TB of data and information on Billions of Chinese citizen.
“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”
The Shanghai government and police service and China’s internet regulator, the Cyberspace Administration of China, have not yet commented publicly about the matter.
The comments were reportedly widely discussed on WeChat and Weibo social media over the weekend, with users concerned the hack could be real.
The hashtag “data leak” was blocked on Weibo by Sunday afternoon, Reuters reported.
Kendra Schaefer, head of tech policy research at Beijing-based research firm Trivium China, said on Twitter that it was “hard to parse truth from rumour mill” but that if the material had really been stolen it “would be among biggest and worst breaches in history”.
Zhao Changpeng, founder and chief executive of cryptocurrency exchange Binance said on Twitter on Monday that the company had tightened verification procedures after detecting “1 billion resident records for sale” of “one Asian country”, without specifying which one.
He speculated it was “likely due to a bug in an Elastic Search deployment by a (government) agency”, without giving details. Elasticsearch is a popular distributed search and analytics engine often used for security and business intelligence.
China last year brought in a new privacy law intended to tighten controls on the collection and use of personal data, including stronger rules governing surveillance systems.
Targetting AWS, Microsoft? British competition regulator soon to announce “behavioural” remedies for cloud sector
Move to Elon Musk rival. Former senior executive at X joins Sam Altman's venture formerly…
Bitcoin price rises towards $100,000, amid investor optimism of friendlier US regulatory landscape under Donald…
Judge Kaplan praises former FTX CTO Gary Wang for his co-operation against Sam Bankman-Fried during…
Explore the future of work with the Silicon In Focus Podcast. Discover how AI is…
Executive hits out at the DoJ's “staggering proposal” to force Google to sell off its…