A hacker is selling data on a billion Chinese citizens, that he stole from the Shanghai national police database!
Find out what’s going on, and what this data breach entails!
Shanghai Police Data On 1 Billion Chinese Citizens Leaked!
A hacker who called himself “ChinaDan” posted in the Breach Forums that he hacked into the Shanghai National Police (SHGA) database and stole more than 23 terabytes of data.
He is offering to sell data on 1 billion Chinese citizens, including their name, address, birthplace, national ID number and mobile numbers, for 10 bitcoins – which is currently worth about US$204,285 / €200,227.
In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizen.
Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.
He also posted a sample of 750,000 data entries from the three main indexes of the database, for potential buyers to evaluate.
Shanghai Police Database Left Unsecured For 14 Months!
ChinaDan claimed that the SHGA database was left unsecured on an Alibaba Cloud server. This was confirmed by several cybersecurity experts who had earlier stumbled upon the same database.
Even worse, the database was apparently left unsecured for at least 14 months! Vinny Troia – the founder of dark web intelligence first, Shadowbyte, said that he first discovered the SHGA database “around January” 2021.
Troia even downloaded one of the main indexes of the SHGA database, which contained information on nearly 970 million Chinese citizens (at that time).
And best of all – they made the data available to anybody who registers for an account!
The site that I found it on is public, anybody (could) access it, all you have to do is register for an account. Since it was opened in April 2021, any number of people could have downloaded the data.
Either they forgot about it, or they intentionally left it open because it’s easier for them to access. I don’t know why they would. It sounds very careless.
This Was Second Hack Of Shanghai National Police Database!
Bob Diachenko – a Ukrainian cybersecurity researcher – discovered the database independently in April, and noticed that the databased was attacked in mid-June by a hacker who copied the data, destroyed the copy on the server and left a ransom note demanding 10 bitcoins for its recovery.
By July 1, the ransom note disappeared, but only 7 gigabytes of data was available on the server, instead of the earlier 23 TB.
It is unknown if this data ransom “hack” was performed by ChinaDan, or a different hacker.
Diachenko said that the unsecured and exposed database continued to be used after that, until it was shut down over the weekend, after news of the data leak broke.
Maybe there was some junior developer who noticed it and tried to remove the notes before senior management noticed them.
This is shocking because it suggests that the database administrators were already aware of a prior breach, but did nothing to secure the database, or shore up cybersecurity measures.
Most Of China Affected By Shanghai Police Data Leak!
The Shanghai National Police data leak is currently the largest leak of public information ever.
It does not just cover people who live in, or have been in Shanghai. The database actually has information on over 70% of its 1.4 billion population in almost all counties in China.
The data contained information about almost all the counties in China, and I have even discovered data related to a remote county in Tibet, where there are only a few thousand residents.
– Yi Fu-Xian, a senior scientist at the University of Wisconsin-Madison
This massive data leak acutely demonstrates the risk of government collection of data. China notably collects a tremendous amount of data on its citizens, including digital and biological data through facial recognition, iris scanners, social media tracking and phone trackers.
Once such data is leaked, it is forever exposed, putting people at risk of scams, identity theft, or even extortion.
China Censors Coverage Of Shanghai Police Data Leak
The Chinese government and the Shanghai Police have both refused to comment on the massive data leak.
Instead, they started blocking related words on Weibo, like “Shanghai data leak”, “data leak”, “Shanghai national security database breach”, “1 billion citizens’ record leak”.
Censors have also scrubbed news on this data breach from WeChat, with one popular WeChat user telling his 27,000 followers that he had been summoned to be questioned by the police.
China’s major English-language media like CGTN, Global Times, Xinhua, etc. have also not published any story on the Shanghai police data leak, despite public interest and its wide-ranging consequences for China.
Please Support My Work!
Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp
Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.
He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.
- Did Dutch Gov Close Farms To Fight Climate Change?!
- FCC Commissioner Asks Apple + Google To Remove TikTok!
- Are MySejahtera 68808 SMS Messages A Scam?!
- Cloudflare Went Down, Knocking Many Websites Offline!
- TikTok Leak : China Repeatedly Accessed Private User Data!
Go Back To > Cybersecurity | Enterprise | Tech ARP