HONG KONG –
Hackers claim to have obtained a vast amount of data on one billion Chinese from a Shanghai police database in a leak that, if confirmed, could be one of the largest data breaches in history.
In a post on the online hacking forum Breach Forums last week, someone using the username “ChinaDan” offered to sell nearly 24 terabytes (24 TB) of data, including what he claimed was information on a billion people and “several billion case records” for 10 Bitcoin, worth about $200,000.
The data allegedly includes information from the Shanghai National Police database, including names, addresses, national identification numbers and mobile phone numbers, as well as case details.
A sample of the data seen by The Associated Press included names, dates of birth, ages and mobile phone numbers. One person was listed as being born in “2020,” with her age as “1,” suggesting that information about minors was included in the data obtained in the breach.
The Associated Press could not immediately verify the authenticity of the data samples. Shanghai police did not immediately respond to a request for comment.
The data leak initially sparked discussion on Chinese social media platforms like Weibo, but censors have since blocked keyword searches for “Shanghai data leak.”
One person said they were skeptical until they managed to verify some of the personal data leaked online by trying to search for people on Alipay using their personal information.
“Everyone, please be careful in case there are more phone scams in the future!” they said in a Weibo post.
Another person commented on Weibo that the leak means everyone is “running naked” (the slang is used to refer to a lack of privacy) and is “horrific”.
Experts said the breach, if confirmed, would be the largest in history.
Kendra Schaefer, technology partner at policy research firm Trivium China, he said in a tweet that it is “difficult to analyze the truth of the rumor mill, but it can confirm that the file exists”.
Such data breaches are quite common, according to Michael Gazeley, CEO of Hong Kong-based security company Network Box.
“There are roughly 12 billion compromised accounts posted on the Dark Web right now. That’s more than the total number of people in the world,” he said, adding that most data breaches often come from the US. USA
Chester Wisniewski, a senior research scientist at cybersecurity firm Sophos, said the breach is “potentially incredibly embarrassing for the Chinese government” and that the political damage would likely outweigh the damage to the people whose data was leaked.
Most of the data is similar to what advertising companies running banner ads would have, he said.
“When you talk about the information of a billion people and it’s static information, it’s not about where they traveled, who they communicated with or what they were doing, then it becomes a lot less interesting,” Wisniewski said.
Still, once hackers get hold of the data and put it online, it’s impossible to completely delete it.
“Information, once released, is available forever,” Wisniewski said. “So if someone believes their information was part of this attack, they should assume that it will be available to anyone forever and take precautions to protect themselves.”
A major cryptocurrency exchange said it had stepped up verification procedures to guard against fraud attempts, such as the use of personal information from the reported hack to take over people’s accounts.
Zhao Changpeng, CEO of Binance, a cryptocurrency exchange, he said in a tweet on Monday that its threat intelligence had detected the sale of “one billion resident records.”
“This has an impact on prevention/detection measures for hackers, mobile phone numbers used for account takeover, etc.” Zhao tweeted him, before saying that Binance had already stepped up verification measures.
In 2020, a major cyberattack believed to have been carried out by Russian hackers compromised several US federal agencies, including the Department of State, Department of Homeland Security, telecommunications companies, and defense contractors.
Last year, more than 533 million Facebook users posted their data on a hacking forum after hackers scraped their data due to a vulnerability that has since been patched.
—-
AP reporter Emily Wang in Beijing and researcher Chen Si in Shanghai contributed to this report.