An unidentified hacker alleges to have acquired an extensive dataset containing sensitive details of approximately one billion Chinese citizens, raising concerns among cybersecurity experts about potentially one of the most significant breaches in history.
The purported 23-terabyte cache was reportedly pilfered from the Shanghai police department and publicly advertised on hacking forums within the country. The individual, self-identifying as “ChinaDan,” surfaced on Breach Forums, offering to sell the data for 10 bitcoins, equivalent to approximately £165,000.
According to ChinaDan’s post, the leaked database from 2022, attributed to the Shanghai National Police (SHGA), encompasses terabytes of data and information on billions of Chinese citizens. The compromised data reportedly includes personal details such as names, addresses, birthplaces, national ID numbers, mobile numbers, and comprehensive crime/case records.
The Wall Street Journal claims to have verified a portion of the data, and notable figures in the Chinese tech industry have supported its authenticity. Changpeng Zhao, the CEO of Binance, a prominent cryptocurrency exchange, acknowledged a breach detected by his company, attributing it to a potential bug in an Elastic Search deployment by a government agency. He also mentioned an enhancement in user verification processes in response to the alleged hack.
Despite widespread discussions on China’s Weibo and WeChat platforms, neither the Shanghai government nor the police department issued a response to inquiries on Monday. The hashtag “data leak” was reportedly blocked on Weibo by Sunday afternoon.
Kendra Schaefer, Head of Tech Policy Research at Beijing-based consultancy Trivium China, expressed skepticism on Twitter, stating that distinguishing truth from rumor was challenging. If the hacker’s claim is accurate and the data originates from the Ministry of Public Security, Schaefer noted that it would be a severe and historic breach with significant implications.
This purported hack emerges at a time when China has committed to enhancing safeguards for online user data, urging its tech giants to ensure secure storage in response to public concerns about mismanagement and misuse. In the previous year, China enacted new laws regulating the handling of personal information and data generated within its borders.