This article is more than 1 year old

Billion-record stolen Chinese database for sale on breach forum

Appears to have leaked from a cloud thanks to sloppy coding

A threat actor has taken to a forum for news and discussion of data breaches with an offer to sell what they assert is a database containing records of over a billion Chinese civilians – allegedly stolen from the Shanghai Police.

Over the weekend, reports started to surface of a post to a forum at Breached.to. The post makes the following claim:

In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens.

HackerDan offered to sell the lot for 10 Bitcoin – about $200,000. We've saved HackerDan's post as a PDF in case it vanishes.

HackerDan released sample datasets: one containing delivery addresses and often instructions for drivers; another with police records; and the last with personal identification information like name, national ID number address, height, and gender.

China has a national police force, and that presumably has a Shanghai office. But an entity called the "Shanghai National Police" is hard to find.

Media outlets were nonetheless able to verify that the contents of the sample - whatever the source - describe actual people.

"Five people confirmed all of the data, including case details that would be difficult to obtain from any source other than the police. Four more people confirmed basic information such as their names before hanging up," reported the Wall Street Journal.

The WSJ's reporter Karen Hao described the experience on Twitter:

While the Shanghai government and police department have largely been silent over the leak, social media platforms Weibo and WeChat were not – at least until Sunday afternoon when users on Weibo began experiencing data leak-related blocked hashtags.

On Monday, an unusual voice joined in the analysis of the event: Changpeng Zhao, the CEO of cryptocurrency exchange Binance.

"CZ" – as he's known – took to Twitter with the following:

CZ's post came four days after HackerDan's so, while some facts matched, it was unclear if the CEO was referring to a different event.

He later tweeted again, this time alleging "this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials."

Whatever the source of the leak, it will mightily annoy China. The nation's government has recently prioritized personal data protection and critical infrastructure security. If the People's Police have mucked up on both counts, that will not go down well. ®

More about

TIP US OFF

Send us news


Other stories you might like