Posted on July 6, 2022 at 5:03 AM
A hacker recently claimed that it stole the personal information of 1 billion Chinese citizens after compromising a Shanghai police. If this is confirmed, it would be the largest ever data breach in history.
The hacker, who goes by the pseudonym “ChinaDan” posted on dark net forums last week and offered the stolen data for 10 Bitcoin, which is equal to about $200,000 as of the time of writing. According to the hacker, the stolen information contains more than 23 terabytes (TB) of data.
There could be an element of truth from the hacker, considering that the Shanghai National Police (SHGA) database was compromised earlier this year, with many TB of data on billions of Chinese citizens exposed.
At the time, the report revealed that the exposed database contained information on one billion Chinese nationals, including their name, addresses, case records, national ID numbers, and mobile numbers.
The Hacker’s Identity Is Unknown
The identity of the hacker is unclear, and the authenticity of the post has not been completely verified as of press time. Additionally, several numbers on the database were no longer used by the original owners, so it’s not clear how far the stolen data is dated. Chinese officials are yet to respond to the alleged data leak.
Senior scientist at the University of Wisconsin-Madison, Yi Fu-Xian, stated that he downloaded the data supposedly posted by the hacker on the internet. He Noted that the sample data is related to the data of some Chinese citizens in the Hunan province.
“The data contained information about almost all the counties in China, he said, adding that some of the information is related to a county in Tibet. Fu-Xian stated that the demographic trend of the data extracted is far worse than what has been reported by the Chinese officials.
This will not be the first time the database of Chinese citizens has been allegedly exposed. In 2016, a hacker posted sensitive information about Chinese individuals, including Jack Ma, Alibaba’s founder, on Twitter. The Chinese authorities had to step in to salvage the worrying situation. In line with the steps taken to curb data theft, the Chinese government passed laws that govern how data and personal information generated within its border should be used.
Chinese Citizens Show Concerns Over Leaked Data
Following the news of the database leak, several social media portals discussed ChinaDan’s post. Users on various popular platforms like WeChat and Weibo shared their worries that the post could be true.
By Sunday afternoon, Webo blocked the hashtag “Shanghai data leak”, which was circulating rapidly. However, some users on various other Chinese social media platforms were still discussing the incident. Users on the platform expressed dismay and shock, with many of them saying they are now “transparent human beings.”
Head of tech policy research at consultancy Trivium China, Kendra Schaefer, stated that it was difficult to “parse truth from rumor mill”.
He added that it would be very bad for a lot of reasons if the data the hacker claimed to have was stolen from the ministry of public security. IT will rank as one of the worst data theft in the history of the world.
Binance’s Boss Says The Exchange Has Put More Security Measures
Chief Executive Officer of Binance, Zhao Changpeng, stated that the crypto exchange platform has intensified efforts to improve verification processes. He added that the security update was carried out after the exchange’s threat intelligence discovered the sale of data belonging to 1 billion Chinese residents on the dark net.
In a Twitter post, he stated that the incidence could have occurred because of a vulnerability in an elastic search deployment by the Chinese government agency. However, he didn’t mention any particular agency.
The hacking claim is coming when China is making serious efforts to improve the protection of online user data privacy. The government has instructed tech giants in the country to beef up the security of users on their platforms after receiving public complaints about abuse and mismanagement.
The Chinese government has been very strict about the protection of the data of its citizens. But the recent claim by the hacker, if true, could pose serious questions to those responsible for the protection of data. While many believe the leak came from a vulnerable server, it will be a further reminder that threat actors are always ready to pounce on any loophole.