As seen by Hackread.com, the database is currently being sold for 10 Bitcoin (around $200,000) at the time of publishing this article.
Unidentified hackers claim to have stolen data of more than one billion Chinese citizens, which experts believe could be the largest ever cybersecurity breach in China’s history.
As seen by Hackread.com, the database is currently being sold on a hacker forum which surfaced as an alternative to popular and now-sized Raidforums.
According to the seller, the data was stolen from a database owned by the Shanghai National Police (SHGA) and includes the following information:
- Mobile number
- National ID Number
- All Crime and Case details
Shanghai Police officials are yet to respond to the news. The Cyberspace Administration of China also didn’t release any statement confirming or denying the attack. However, it must be noted that the seller has confirmed that SHGA did not suffer a security breach and that the database was leaked due to misconfiguration.
Stolen Data Up for Sale for 10 Bitcoin
It is worth noting that the hackers who have stolen up to 23 terabytes of data from the Shanghai police database are now selling it for 10 bitcoins, equivalent to $200,000. The Chinese cybersecurity fraternity is currently under great shock as they try to determine the authenticity of these claims.
Binance Confirms the Breach
On Monday, the founder and CEO of Binance cryptocurrency exchange, Zhao Changpeng, tweeted about the incident. However, Changpeng didn’t name the targeted country and only mentioned that “one Asian country” was the victim of this breach.
Binance’s CEO also wrote that these records are up for sale on the Dark Web. Changpeng believes that a flaw in the ElasticSearch database is responsible for the data breach and sensitive data, including national identity, and medical and police records, is also up for sale on the illegal marketplace.
“It is important for all platforms to enhance their security measures in this area. @Binance has already stepped up verifications for users potentially affected,” Changpeng wrote in another tweet.
Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency. This has impact on …— CZ 🔶 Binance (@cz_binance) July 3, 2022
Cybersecurity experts believe a third-party cloud infrastructure could have caused the breach. For your information, Alibaba, Huawei, and Tencent are prominent external cloud services providers in China.
Not The First Time
The incident should not come as a surprise since China and the United States are “leaders” when it comes to exposing databases online. In fact, a recent report revealed that both countries exposed most databases among 308,000 discovered in 2021.
In March 2019, a database labeled “BreedReady” was found exposing the personal data of 1.8 million Chinese women.
In February 2019, a Chinese facial recognition database was exposed online which leaked tracking and personal details of millions of Chinese Muslims especially Uyghur Muslims. Furthermore, in January 2020, in an unusual incident, the personal data of 56 million Americans were exposed from PC in China.
Update July 6th
The administrator of the forum where the alleged data is being sold has revealed on their official Telegram channel that the Chinese authorities have blocked the domain in the country. However, the forum’s .Onion domain (or the dark web domain) can be accessible across the globe via the Tor browser.
More Big Data Leak News
- Microsoft Bing server exposed user search queries and location data
- Personal details of 38 million+ US citizens leaked in database mess up
- Brazilian marketplace integrator Hariexpress exposed 1.75 billion records
- Hacker Selling 1 Billion user accounts stolen from Chinese Internet Giants
- Anti Public Combo List with Billions of Accounts Goes on Dark Web for Sale