Hacker Selling Shanghai Police Database with Billions of Chinese Citizen Data

Hacker Selling Shanghai Police Database with Billions of Chinese Citizen Data

As seen by Hackread.com, the database is currently being sold for 10 Bitcoin (around $200,000) at the time of publishing this article.

Unidentified hackers claim to have stolen data of more than one billion Chinese citizens, which experts believe could be the largest ever cybersecurity breach in China’s history.

As seen by Hackread.com, the database is currently being sold on a hacker forum which surfaced as an alternative to popular and now-sized Raidforums.

According to the seller, the data was stolen from a database owned by the Shanghai National Police (SHGA) and includes the following information:

  • Name
  • Address
  • Birthplace
  • Mobile number
  • National ID Number
  • All Crime and Case details

Shanghai Police officials are yet to respond to the news. The Cyberspace Administration of China also didn’t release any statement confirming or denying the attack. However, it must be noted that the seller has confirmed that SHGA did not suffer a security breach and that the database was leaked due to misconfiguration.

Hacker Selling Shanghai Police Database with billions of Chinese Citizens Data
The hacker forum where the data is being sold (Image credit: Hackread.com)

Stolen Data Up for Sale for 10 Bitcoin

It is worth noting that the hackers who have stolen up to 23 terabytes of data from the Shanghai police database are now selling it for 10 bitcoins, equivalent to $200,000. The Chinese cybersecurity fraternity is currently under great shock as they try to determine the authenticity of these claims.

Binance Confirms the Breach

On Monday, the founder and CEO of Binance cryptocurrency exchange, Zhao Changpeng, tweeted about the incident. However, Changpeng didn’t name the targeted country and only mentioned that “one Asian country” was the victim of this breach.

Binance’s CEO also wrote that these records are up for sale on the Dark Web. Changpeng believes that a flaw in the ElasticSearch database is responsible for the data breach and sensitive data, including national identity, and medical and police records, is also up for sale on the illegal marketplace.

“It is important for all platforms to enhance their security measures in this area. @Binance has already stepped up verifications for users potentially affected,” Changpeng wrote in another tweet.

Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency. This has impact on …

— CZ 🔶 Binance (@cz_binance) July 3, 2022

Cybersecurity experts believe a third-party cloud infrastructure could have caused the breach. For your information, Alibaba, Huawei, and Tencent are prominent external cloud services providers in China.

Not The First Time

The incident should not come as a surprise since China and the United States are “leaders” when it comes to exposing databases online. In fact, a recent report revealed that both countries exposed most databases among 308,000 discovered in 2021.

In March 2019, a database labeled “BreedReady” was found exposing the personal data of 1.8 million Chinese women.

In February 2019, a Chinese facial recognition database was exposed online which leaked tracking and personal details of millions of Chinese Muslims especially Uyghur Muslims. Furthermore, in January 2020, in an unusual incident, the personal data of 56 million Americans were exposed from PC in China.

Update July 6th

The administrator of the forum where the alleged data is being sold has revealed on their official Telegram channel that the Chinese authorities have blocked the domain in the country. However, the forum’s .Onion domain (or the dark web domain) can be accessible across the globe via the Tor browser.

Screenshot from Telegram

More Big Data Leak News

Related Posts