Hacker Claims Theft Of Data On 1 Billion Chinese Citizens

An unknown hacker has claimed to have stolen data on one billion Chinese citizens from Shanghai police, which, if true, would make it one of the biggest data breaches in history, industry watchers said.

An internet user using the name ChinaDan said on hacker forum Breach Forums last week he wanted to sell the data, making up more than 23 terabytes of information, for 10 Bitcoin, or about $200,000 (£165,000).

The user claimed the data included information such as names, addresses and national ID numbers.

‘Leak’

“In 2022, the Shanghai National Police (SHGA) database was leaked,” the user wrote. “This database contains many TB of data and information on Billions of Chinese citizen.

“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”

The Shanghai government and police service and China’s internet regulator, the Cyberspace Administration of China, have not yet commented publicly about the matter.

The comments were reportedly widely discussed on WeChat and Weibo social media over the weekend, with users concerned the hack could be real.

Data concern

The hashtag “data leak” was blocked on Weibo by Sunday afternoon, Reuters reported.

Kendra Schaefer, head of tech policy research at Beijing-based research firm Trivium China, said on Twitter that it was “hard to parse truth from rumour mill” but that if the material had really been stolen it “would be among biggest and worst breaches in history”.

Zhao Changpeng, founder and chief executive of cryptocurrency exchange Binance said on Twitter on Monday that the company had tightened verification procedures after detecting “1 billion resident records for sale” of “one Asian country”, without specifying which one.

Privacy law

He speculated it was “likely due to a bug in an Elastic Search deployment by a (government) agency”, without giving details. Elasticsearch is a popular distributed search and analytics engine often used for security and business intelligence.

China last year brought in a new privacy law intended to tighten controls on the collection and use of personal data, including stronger rules governing surveillance systems.