A hacker is selling data on a billion Chinese citizens, that he stole from the Shanghai national police database!
Find out what’s going on, and what this data breach entails!
Shanghai Police Data On 1 Billion Chinese Citizens Leaked!
A hacker who called himself “ChinaDan” posted in the Breach Forums that he hacked into the Shanghai National Police (SHGA) database and stole more than 23 terabytes of data.
He is offering to sell data on 1 billion Chinese citizens, including their name, address, birthplace, national ID number and mobile numbers, for 10 bitcoins – which is currently worth about US$204,285 / €200,227.
He also posted a sample of 750,000 data entries from the three main indexes of the database, for potential buyers to evaluate.
Shanghai Police Database Left Unsecured For 14 Months!
ChinaDan claimed that the SHGA database was left unsecured on an Alibaba Cloud server. This was confirmed by several cybersecurity experts who had earlier stumbled upon the same database.
Even worse, the database was apparently left unsecured for at least 14 months! Vinny Troia – the founder of dark web intelligence first, Shadowbyte, said that he first discovered the SHGA database “around January” 2021.
Troia even downloaded one of the main indexes of the SHGA database, which contained information on nearly 970 million Chinese citizens (at that time).
And best of all – they made the data available to anybody who registers for an account!
This Was Second Hack Of Shanghai National Police Database!
Bob Diachenko – a Ukrainian cybersecurity researcher – discovered the database independently in April, and noticed that the databased was attacked in mid-June by a hacker who copied the data, destroyed the copy on the server and left a ransom note demanding 10 bitcoins for its recovery.
By July 1, the ransom note disappeared, but only 7 gigabytes of data was available on the server, instead of the earlier 23 TB.
It is unknown if this data ransom “hack” was performed by ChinaDan, or a different hacker.
Diachenko said that the unsecured and exposed database continued to be used after that, until it was shut down over the weekend, after news of the data leak broke.
This is shocking because it suggests that the database administrators were already aware of a prior breach, but did nothing to secure the database, or shore up cybersecurity measures.
Most Of China Affected By Shanghai Police Data Leak!
The Shanghai National Police data leak is currently the largest leak of public information ever.
It does not just cover people who live in, or have been in Shanghai. The database actually has information on over 70% of its 1.4 billion population in almost all counties in China.
This massive data leak acutely demonstrates the risk of government collection of data. China notably collects a tremendous amount of data on its citizens, including digital and biological data through facial recognition, iris scanners, social media tracking and phone trackers.
Once such data is leaked, it is forever exposed, putting people at risk of scams, identity theft, or even extortion.
China Censors Coverage Of Shanghai Police Data Leak
The Chinese government and the Shanghai Police have both refused to comment on the massive data leak.
Instead, they started blocking related words on Weibo, like “Shanghai data leak”, “data leak”, “Shanghai national security database breach”, “1 billion citizens’ record leak”.
Censors have also scrubbed news on this data breach from WeChat, with one popular WeChat user telling his 27,000 followers that he had been summoned to be questioned by the police.
China’s major English-language media like CGTN, Global Times, Xinhua, etc. have also not published any story on the Shanghai police data leak, despite public interest and its wide-ranging consequences for China.
- Did Dutch Gov Close Farms To Fight Climate Change?!
- FCC Commissioner Asks Apple + Google To Remove TikTok!
- Are MySejahtera 68808 SMS Messages A Scam?!
- Cloudflare Went Down, Knocking Many Websites Offline!
- TikTok Leak : China Repeatedly Accessed Private User Data!
Go Back To > Cybersecurity | Enterprise | Tech ARP