HONG KONG – Hackers claim to have obtained a treasure trove of data on 1 billion Chinese from a Shanghai police database in a leak that, if confirmed, could be one of the biggest data breaches in history.
In a post on online hacking forum Breach Forums last week, someone using the name “ChinaDan” offered to sell nearly 24 terabytes (24 TB) of data, allegedly including information on 1 billion people and “several billion case records “. 10 Bitcoin worth about $200,000.
The data allegedly includes information from the Shanghai National Police database, including names, addresses, national identification numbers and cell phone numbers, and case details.
A sample of data viewed by The Associated Press listed names, dates of birth, ages and cell phone numbers. One individual was listed as born “2020” with their age as “1”, suggesting that information about minors was included in the data obtained at the breach.
The Associated Press could not immediately verify the authenticity of the data samples. Shanghai police did not immediately respond to a request for comment.
The data leak initially sparked discussions on Chinese social media platforms like Weibo, but censors have since moved to block keyword searches for “Shanghai data leak.”
One person said they were skeptical until they managed to verify some of the personal information leaked online by trying to search for people on Alipay using their personal information.
“Everyone please be careful in case there is more phone scams in the future!” they said in a Weibo post.
Another person commented on Weibo that the leak means everyone is “walking around naked” — slang that refers to a lack of privacy — and that it’s “awful.”
Experts said the breach, if confirmed, would be the largest in history.
Kendra Schaefer, a technology partner at political research firm Trivium China, said in a tweet that it’s “difficult to analyze the truth from the rumor mill but can confirm the file exists.”
According to Michael Gazeley, CEO of Hong Kong-based security firm Network Box, such data leaks are fairly common.
“There are currently approximately 12 billion compromised accounts on the dark web. That’s more than the total number of people in the world,” he said, adding that a majority of data leaks often come from the US
Chester Wisniewski, senior research scientist at cybersecurity firm Sophos, said the breach was “potentially incredibly embarrassing for the Chinese government” and the political harm likely outweighed the harm to the people whose data was leaked.
Most of the data is similar to what advertising companies running banner ads would have, he said.
“When you talk about the information of a billion people and it’s static information, it’s not about where they traveled, who they communicated with or what they did, then it becomes a lot less interesting,” he said Wisniewski.
However, once hackers get data and put it online, it is impossible to remove it completely.
“Once information is released, it’s out there forever,” Wisniewski said. “So if anyone believes their information was part of this attack, they must assume that it is available to everyone forever, and they should take precautions to protect themselves.”
A major cryptocurrency exchange said it has strengthened verification procedures to guard against scam attempts, such as B. Using personal information from the reported hack to take over people’s accounts.
Zhao Changpeng, CEO of Binance, a cryptocurrency exchange, said in a tweet Monday that his threat intelligence spotted the sale of “1 billion population records.”
“This has implications for hacker detection/prevention measures, mobile phone numbers used for account takeovers, etc.” Zhao wrote in his tweets before saying that Binance had already stepped up verification measures.
In 2020, several U.S. federal agencies such as the State Department, Department of Homeland Security, telecom companies, and defense contractors were compromised by a major cyberattack believed to have originated from Russian hackers.
Last year, over 533 million Facebook users had their data published on a hacking forum after hackers deleted their data due to a vulnerability that has since been patched.
AP journalist Emily Wang in Beijing and researcher Chen Si in Shanghai contributed to this report.
Copyright 2022 The Associated Press. All rights reserved. This material may not be published, broadcast, transcribed or redistributed without permission.
https://www.local10.com/tech/2022/07/05/alleged-chinese-police-database-hack-leaks-data-of-1-billion/ Alleged database hack by Chinese police reveals data of 1 billion