SHANGHAI: A hacker has claimed to have obtained a wealth of personal data on one billion Chinese citizens from the Shanghai police, which, according to tech experts, if true, would be one of the largest data breaches in history.
Last week, the “ChinaDan” internet user posted on the hacker forum Breach Forums offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, or roughly $200,000.
“The Shanghai National Police (SHGA) database was compromised in 2022. Many TB of data and information about billions of Chinese citizens are contained in this database “said the post.
“Databases contain information on 1 billion residents who are Chinese nationals and several billion case records, including name, address, birthplace, national ID number, mobile number, and all crime/case details.”
Reuters was unable to confirm the post’s veracity.
On Monday, requests for comment were not answered by the Shanghai police or government.
The self-described hacker, ChinaDan, was also unreachable by Reuters, but over the weekend, the post generated a lot of discussion on Weibo and WeChat in China, with many users concerned that it might be true.
By Sunday afternoon, the hashtag “data leak” had been disabled on Weibo.
It is “hard to parse truth from rumour mill,” wrote Kendra Schaefer, head of tech policy research at the Beijing-based consultancy Trivium China, in a post on Twitter.
The threat intelligence of the cryptocurrency exchange discovered the sale of records belonging to 1 billion residents of an Asian nation on the dark web, according to Zhao Changpeng, CEO of Binance, who announced on Monday that the exchange had tightened user verification procedures.
He suggested on Twitter that a leak may have occurred as a result of “a bug in an Elastic Search deployment by a (government) agency,” but he did not specify whether the Shanghai police case was the subject of his comment. A request for additional comment did not receive a prompt response from him.
The hacking claim comes at a time when China has vowed to strengthen protection of online user privacy, ordering its tech giants to ensure safer storage in response to widespread complaints about improper handling and abuse.
China passed new regulations last year.
