A mystery hacker has claimed to have stolen a large batch of knowledge containing sensitive information on roughly one billion Chinese residents, with cyber experts warning it might be certainly one of the most important breaches in history.
The 23 terabytes (TB) cache was allegedly stolen from the Shanghai police department and advertised on hacking forums within the country.
The anonymous web user, identified as “ChinaDan”, posted on Breach Forums last week offering to sell the information for 10 bitcoin, comparable to about $200,000.
“In 2022, the Shanghai National Police (SHGA) database was leaked. This database comprises many TB of knowledge and data on Billions of Chinese citizen,” the post said.
“Databases contain information on 1 Billion Chinese national residents and several other billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”
The Wall Street Journal claims to have verified a small portion of the information, while distinguished Chinese tech figures have vouched for its authenticity.
Changpeng Zhao (CZ), the CEO of leading crypto exchange Binance, said his company had detected a breach, which he said was “likely because of a bug in an Elastic Search deployment by a gov agency”. He said his firm has stepped up user verification processes following the alleged hack.
The Shanghai government and police department didn’t reply to requests for comment on Monday.
The post by ChinaDan was widely discussed on China’s Weibo and WeChat social media platforms over the weekend with many users fearful it could possibly be real.
The hashtag “data leak” was blocked on Weibo by Sunday afternoon.
Kendra Schaefer, head of tech policy research at Beijing-based consultancy Trivium China, said in a post on Twitter it was “hard to parse truth from rumour mill”.
If the fabric the hacker claimed to have got here from the Ministry of Public Security, it could be bad for “quite a few reasons”, Ms Schaefer said.
“Most obviously it could be amongst biggest and worst breaches in history,” she said.
The claim of a hack comes as China has vowed to enhance protection of online user data privacy, instructing its tech giants to make sure safer storage after public complaints about mismanagement and misuse.
Last 12 months, China passed latest laws governing how personal information and data generated inside its borders ought to be handled.
“Organisations and government entities carry a responsibility to consumers and civilians alike to protect their most respected information in any respect cost,” Bill Conner, CEO of cyer security firm SonicWall and advisor to GCHQ and Interpol, told The Independent.
“Personal information that doesn’t change as easily as a bank card or checking account number drive a high price on the Dark Web. This sort of Personally Identifiable Information is very wanted by cybercriminals for monetary gain. Firms ought to be implementing security best practices corresponding to a layered approach to protection, in addition to proactively updating any old-fashioned security devices, as a matter after all.”
Additional reporting from agencies.