Threat Actors Claimed that They Have Stolen Data of a Billion Chinese Residents

A hacker claimed to have stolen one billion Chinese residents’ records from the Shanghai National Police database, which is considered the largest cybersecurity breach in the country’s history.

According to an anonymous post on an online cybercrime forum last week, “The person or group claiming the attack has offered to sell more than 23 terabytes of stolen data from the database, including names, addresses, birthplaces, national IDs, phone numbers, and criminal case information”. The report says the threat actor was asking for 10 bitcoin, worth around $200,000.

The founder and Chief Executive Officer of cryptocurrency exchange Binance, Zhao Changpeng, tweeted saying, “The company had detected the breach of a billion resident records ‘from one Asian country,’ without specifying which, and had since increased verification procedures for potentially affected users”.

The Shanghai Data Leak

The data leak initially sparked discussion on Chinese social media platforms such as Weibo, but censors have since moved to block keyword searches for “Shanghai data leak.”

Kendra Schaefer, a partner for technology at policy research firm Trivium China, said in a tweet that it’s “hard to parse truth from the rumor mill, but can confirm file exists.”

According to Michael Gazeley, managing director at Hong Kong-based security firm Network Box, “There are approximately 12 billion compromised accounts posted on the Dark Web right now. That’s more than the total number of people in the world,” he said, adding that a majority of data leaks often come from the US”.

In general, because of a lack of transparency in reporting mechanisms of the country, domestic breaches are hardly revealed.

Based on the history of the attacks, in 2020, the Twitter-like service Weibo Corp. said hackers claimed to have stolen account information for more than 538 million of its users, though sensitive data such as passwords were not leaked. And this year, tens of thousands of seemingly hacked files from China’s remote Xinjiang region provided fresh evidence of the abuse of mostly Muslim ethnic Uyghurs, according to a rights group.

Under Chinese law, the exposure of personal information can result in jail terms. Reports say it’s unclear how the alleged cyberattackers in this month’s breach gained access to Shanghai police servers. Online, among the cybersecurity experts, it was circulated as the breach involved a third-party cloud infrastructure partner. Also, Alibaba Group Holding Ltd., Tencent Holdings Ltd., and Huawei Technologies Co. are among the country’s biggest external cloud services.

The authorities of Shanghai have not openly answered to the alleged hack. Also, the representatives for the city’s police and Cyberspace Administration of China, the country’s internet overseer, did not instantly respond to faxed requests for comment.

You can follow us on LinkedinTwitterFacebook for daily Cybersecurity updates.

Gurubaran is a co-founder of Cyber Security News and GBHackers On Security. He has 10+ years of experience as a Security Consultant, Editor, and Analyst in cybersecurity, technology, and communications.