Tag Archives: Database

Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

A hacker is selling data on a billion Chinese citizens, that he stole from the Shanghai national police database!

Find out what’s going on, and what this data breach entails!


Shanghai Police Data On 1 Billion Chinese Citizens Leaked!

A hacker who called himself “ChinaDan” posted in the Breach Forums that he hacked into the Shanghai National Police (SHGA) database and stole more than 23 terabytes of data.

He is offering to sell data on 1 billion Chinese citizens, including their name, address, birthplace, national ID number and mobile numbers, for 10 bitcoins – which is currently worth about US$204,285 / €200,227.

In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizen.

Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.

He also posted a sample of 750,000 data entries from the three main indexes of the database, for potential buyers to evaluate.


Shanghai Police Database Left Unsecured For 14 Months!

ChinaDan claimed that the SHGA database was left unsecured on an Alibaba Cloud server. This was confirmed by several cybersecurity experts who had earlier stumbled upon the same database.

Even worse, the database was apparently left unsecured for at least 14 months! Vinny Troia – the founder of dark web intelligence first, Shadowbyte, said that he first discovered the SHGA database “around January” 2021.

Troia even downloaded one of the main indexes of the SHGA database, which contained information on nearly 970 million Chinese citizens (at that time).

And best of all – they made the data available to anybody who registers for an account!

The site that I found it on is public, anybody (could) access it, all you have to do is register for an account. Since it was opened in April 2021, any number of people could have downloaded the data.

Either they forgot about it, or they intentionally left it open because it’s easier for them to access. I don’t know why they would. It sounds very careless.

Read more : Did Hackers Release Pfizer + Moderna Vaccine Death Data?!


This Was Second Hack Of Shanghai National Police Database!

Bob Diachenko – a Ukrainian cybersecurity researcher – discovered the database independently in April, and noticed that the databased was attacked in mid-June by a hacker who copied the data, destroyed the copy on the server and left a ransom note demanding 10 bitcoins for its recovery.

By July 1, the ransom note disappeared, but only 7 gigabytes of data was available on the server, instead of the earlier 23 TB.

It is unknown if this data ransom “hack” was performed by ChinaDan, or a different hacker.

Diachenko said that the unsecured and exposed database continued to be used after that, until it was shut down over the weekend, after news of the data leak broke.

Maybe there was some junior developer who noticed it and tried to remove the notes before senior management noticed them.

This is shocking because it suggests that the database administrators were already aware of a prior breach, but did nothing to secure the database, or shore up cybersecurity measures.

Read more : Was Facebook Taken Down By 13 Year-Old Chinese Hacker?


Most Of China Affected By Shanghai Police Data Leak!

The Shanghai National Police data leak is currently the largest leak of public information ever.

It does not just cover people who live in, or have been in Shanghai. The database actually has information on over 70% of its 1.4 billion population in almost all counties in China.

The data contained information about almost all the counties in China, and I have even discovered data related to a remote county in Tibet, where there are only a few thousand residents.
– Yi Fu-Xian, a senior scientist at the University of Wisconsin-Madison

This massive data leak acutely demonstrates the risk of government collection of data. China notably collects a tremendous amount of data on its citizens, including digital and biological data through facial recognition, iris scanners, social media tracking and phone trackers.

Once such data is leaked, it is forever exposed, putting people at risk of scams, identity theft, or even extortion.


China Censors Coverage Of Shanghai Police Data Leak

The Chinese government and the Shanghai Police have both refused to comment on the massive data leak.

Instead, they started blocking related words on Weibo, like “Shanghai data leak”, “data leak”, “Shanghai national security database breach”, “1 billion citizens’ record leak”.

Censors have also scrubbed news on this data breach from WeChat, with one popular WeChat user telling his 27,000 followers that he had been summoned to be questioned by the police.

China’s major English-language media like CGTN, Global Times, Xinhua, etc. have also not published any story on the Shanghai police data leak, despite public interest and its wide-ranging consequences for China.

Read more : Chinese Media Accidentally Leaks Ukraine Censorship Order!


Please Support My Work!

Support my work through a bank transfer /  PayPal / credit card!

Name : Adrian Wong
Bank Transfer : CIMB 7064555917 (Swift Code : CIBBMYKL)
Credit Card / Paypal : https://paypal.me/techarp

Dr. Adrian Wong has been writing about tech and science since 1997, even publishing a book with Prentice Hall called Breaking Through The BIOS Barrier (ISBN 978-0131455368) while in medical school.

He continues to devote countless hours every day writing about tech, medicine and science, in his pursuit of facts in a post-truth world.


Recommended Reading

Go Back To > Cybersecurity | EnterpriseTech ARP


Support Tech ARP!

Please support us by visiting our sponsors, participating in the Tech ARP Forums, or donating to our fund. Thank you!

Lazada RedMart Data Breach : What You Need To Know!

Lazada just admitted that a data breach involving their RedMart customer database that could affect some 1.1 million customers!

Find out what happened, and what it could mean for Lazada and RedMart customers!


Lazada RedMart : What Is It?

RedMart is an online grocery platform in Singapore that was founded in August 2011.

Lazada acquired RedMart in November 2016, and started to integrate it into their platform in March 2019.

This March 2019 date is important, because that was when the RedMart database was last updated.


Lazada RedMart Data Breach : What Happened?

The Lazada RedMart database was spotted for same in an online forum, amongst many other databases stolen from other e-commerce websites.

In this screenshot, you can see that it claims to have details on 1.1 million Lazada RedMart customers :

  • Email address
  • Password
  • Mailing address
  • Name
  • Phone number
  • Partial credit card information

Picture Credit : CNA

In a statement posted on 30 October 2020, Lazada confirmed the data breach involving their RedMart database.

They assert that only the old RedMart database that was “18 months out of date” when it was last updated in March 2019.

Singapore, 30 October 2020 – Lazada places great importance on protecting your personal information, and we value the trust you have placed with us. On 29 October 2020, as part of our proactive monitoring, our cybersecurity team discovered a data security incident in Singapore, involving a RedMart-only database hosted on a third-party service provider. The customer data hosted on this database is more than 18 months out of date as it was last updated in March 2019.

The customer information that was illegally accessed include the names, phone numbers, emails, addresses, encrypted passwords and partial credit card numbers of RedMart customers. We have taken immediate action to block unauthorised access to the database. This data was used on the previous RedMart app and website, which are no longer in use. Lazada customer data in Southeast Asia is not affected by this incident.

Protecting the data and privacy of our users is of utmost importance to us. Apart from reviewing and fortifying our security infrastructure, we are working very closely with the relevant authorities on this incident and remain committed to providing all necessary support to our users.

We want to be transparent about this incident with all of our customers and reassure you that we are taking it seriously.

They also set their platform to log out all Lazada users, and require them to register a new password.

They are also warning their users to be on the alert for spam mails requesting personal information.


Lazada RedMart Data Breach : What’s The Implication?

A Data Breach Is A Data Breach Is A Data Breach

Lazada may claim that the data and privacy of their users are of the utmost importance, but the data breach says otherwise.

They left a database they no longer used since March 2019 on a third-party service provider, and accessible online all this time.

Any half-decent cybersecurity specialist would have told them to take the database offline, unless it was essential to the operation of the website.

Closing The Barn Door After The Horses Have Bolted

Lazada immediately blocked unauthorised access to their RedMart database, but that’s like closing the barn door after the horses have bolted.

Once the data was stolen, all it does is prevent other attackers from stealing the data for themselves.

Lazada Migrated RedMart Users In March 2016

It seems a little disingenuous for Lazada to announce that the data was used in “the previous RedMart app and website, which are no longer in use“.

They appear to have migrated RedMart users to Lazada on 15 March 2016 using the same data that was just stolen.

Unless RedMart users changed their passwords, addresses, phone numbers, email addresses or credit card details AFTER they were migrated to the Lazada platform, they remain exposed by the data breach.

The Data Isn’t Necessarily Outdated

Most of us don’t change our logins and passwords that often. And we often reuse the same login and password combination for different websites.

So it is scant assurance that their RedMart database was last updated in March 2019, even if we take their word that it was more than 18 months out of date.

This data breach exposes all affected RedMart users to the possibility of their other accounts being breached as well.

Only Ex-RedMart Users Affected

The only saving grace we can see here is that it looks like only former RedMart users are affected by this data breach.

That means Lazada users who never registered or used the RedMart app or website are not affected.


Lazada RedMart Data Breach : What Can You Do?

If you ever registered for, or used, RedMart before their migration to the Lazada platform in March 2016, we highly recommend that you :

  • change your Lazada password
  • change the password of accounts that use the same password as your Lazada / RedMart account
  • do NOT click on links in emails warning you about this data breach and asking you to change your password
  • do NOT respond to calls or messages warning you about this data breach
  • do NOT respond to requests for personal information


Recommended Reading

Go Back To > Cybersecurity | Business | Home


Support Tech ARP!

If you like our work, you can help support us by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

The Dell EMC PowerEdge 2019 Server Updates Revealed!

Dell has just announced details of the Dell EMC PowerEdge 2019 server updates. Here is a quick primer on the newly-refreshed Dell EMC PowerEdge servers and OpenManage systems management.


The Dell EMC PowerEdge 2019 Server Updates

The Dell EMC PowerEdge 2019 servers will come with new features like Openmanage FlexSelect Manage, and OpenManage FlexSelect Secure.

Both these features will provide greater flexibility in managing and securing the PowerEdge 2019 servers.

Greater Control

FlexSelect Manage offers customers new flexibility in selecting OpenManage Enterprise capabilities to streamline management efficiency.

Enhancements to the Redfish-compliant Dell EMC RESTful API and OpenManage Mobile also gives customers greater control of their server operations and devices.

Customers can reduce time by using fewer steps to maintain server health by 28%, compared to manually retrieving server logs.

Enhanced Security

OpenManage Secure Enterprise Key Manager Scale provides data protection and streamlines the management of self-encrypting drives.

Customers can centrally manage keys for self-encrypting drives to better secure data at both the drive and server level.

Improved Performance and Scalability

The Dell EMC PowerEdge 2019 servers are powered by the 2nd Generation Intel Xeon Scalable processors, increasing their performance by up to 40% for core business applications.


Dell EMC PowerEdge 2019 Server Availability

These new Dell EMC PowerEdge 2019 servers and systems will be available beginning Q2 2019 :

  • Dell EMC OpenManage
  • Dell EMC PowerEdge R940, R740, R740xd, R740xd2, R640, and C6420 servers (with 2nd Generation Intel Xeon Scalable processors)
  • Other Dell EMC PowerEdge servers like PowerEdge MX
  • Dell EMC Ready Solutions for HPC with Intel Deep Learning Boost

Also available in Q2 2019 is the Intel Optane DC persistent memory hands-on trials through a Dell EMC customer proof of concept program and Dell Technologies Customer Solution Centers.


Recommended Reading

Go Back To > Enterprise + Business | Home


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participating in the Tech ARP Forums, or even donating to our fund. Any help you can render is greatly appreciated!

Dell SharePlex 2016 Release Announced

May 11, 2016 MalaysiaDell has announced a major new release of its award-winning SharePlex database replication and near real-time data integration solution. Continuing its evolution beyond traditional Oracle-to-Oracle replication capabilities, the latest release of Dell SharePlex enables users to replicate Oracle data directly to SAP HANA, Teradata, or EnterpriseDB Postgres.

In keeping with the focus of Dell’s robust portfolio of systems and information management solutions, the new release of Dell SharePlex empowers organizations to spend less time worrying about how to migrate data onto these modern platforms, and more time fueling innovation by driving reporting and analytics initiatives forward.

With the latest Dell SharePlex release, organizations can reduce the risk of migrations to SAP HANA, Teradata, or EnterpriseDB Postgres Advanced Server with a proven solution that replicates data in near real-time with no impact to the production database – and does so at half the cost of other leading database replication solutions. With the addition of support for SAP HANA, Teradata, and EnterpriseDB Postgres, SharePlex now supports a host of target environments, including Oracle, Microsoft SQL Server, SAP ASE, Java Message Service (JMS), SQL and XML Files.


Empowering organizations to drive innovation

Growing pressure to lower operational costs, introduce new applications and better manage sophisticated analytics requirements without sacrificing functionality has led organizations to seek out efficient, cost-effective database alternatives spanning on-premises, cloud and open source technology.

With a wide range of innovative new database platforms to choose from, organizations are moving away from single-platform consolidation and deploying a variety of database types to lower costs and better align with business and analytics objectives.

The expanded platform support from Dell SharePlex gives organizations the agility and flexibility needed grow, diversify and modernize their database infrastructure to better leverage improved performance from in-memory databases and better manage evolving analytic requirements.

[adrotate group=”2″]


Delivering ZeroIMPACT migrations across heterogeneous environments

Regardless of the target, transforming database infrastructure is a major undertaking for companies of all sizes. Whether implementing new production databases on-premises or in the cloud, or offloading data for reporting and analytics use cases, SharePlex enables organizations to migrate and upgrade their environments while ensuring high availability of mission-critical applications.

With the latest release of Dell SharePlex, organizations migrating to SAP HANA, Teradata, or EnterpriseDB Postgres can achieve dramatically reduced downtime, deploy unlimited practice runs with no impact to the production environment, and put control of scheduling back in the hands of the IT team.


Dell SharePlex Availability

  • The new release of Dell SharePlex will be generally available on May 24, 2016.
  • Dell SIM solutions, including Dell SharePlex, are available both direct and through channel partners

Go Back To > Enterprise | Home


Support Tech ARP!

If you like our work, you can help support our work by visiting our sponsors, participate in the Tech ARP Forums, or even donate to our fund. Any help you can render is greatly appreciated!