A billion worth of Chinese citizens’ information had been allegedly stolen by an unidentified hacker who posted the database on a dark web forum and sold it for 10BTC or about $195,000. Reports show that the stolen database has summed to 22TB and is said to have been breached from the Shanghai National Police (SHGA)’s networks.
With an account username ‘ChinaDan,’ the anonymous hacker posted their announcement on a dark web forum, adding that the database includes the sensitive information of Chinese nationals, such as their names, residential addresses, national ID numbers, contact details, and criminal records from those with felonious histories.
To prove that the stolen database was real, the hacker leaked a sample of 750K records that contained Chinese individuals’ delivery info, identification details, and police call archives.
From ChinaDan’s post, they explained that the stolen database originated from the data breach incident on Shanghai National Police (SHGA) that transpired some time this year. The leak included massive terabytes of data from Chinese nationals alongside their personal information and criminal case records.
Additionally, the hacker said they had collected the database from Alibaba’s cloud computing unit, ‘Aliyun,’ used by the Chinese police in their public security networks.
As a part of an incident response investigation, security teams were deployed and confirmed that the data breach on SHGA was caused by an accidental exposure of the ElasticSearch database by a Chinese government group. The researchers also verified finding the billion leaked records of Chinese residents on the dark web being sold by hackers.
The experts are concerned about the data leak’s impact on the safety of the affected people and said that the information included in the stolen database could be used for malicious intents, such as account takeovers.
Security experts believe that if the data breach claimed by ChinaDan that holds billions of records from Chinese individuals is accurate, it would be one of the biggest cybersecurity compromises in China’s history.
