A hacker known only as “ChinaDan” has claimed he stole the personal information of 1 billion Chinese citizens from the police, one of the biggest data breaches ever if true.
The data was apparently taken from the Shanghai National Police database and available to buy for 10 bitcoins on the dark web.
The anonymous hacker posted the offer to sell more than 23 terabytes (TB) of data on Breach Forums last week for the 10 bitcoins, roughly equivalent to $200,000.
“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizen,” the post said.
“Databases contain information on 1 billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”
Yi Fu-Xian, a senior scientist from the University of Wisconsin-Madison, said he found information related to his home county in Hunan province when he downloaded the available sample data on the internet.
“The data contained information about almost all the counties in China, and I have even discovered data related to a remote county in Tibet, where there are only a few thousand residents,” he said.
Zhao Changpeng, CEO of cryptocurrency exchange Binance, said on Monday they had stepped up user verification processes after the exchange’s threat intelligence detected the sale of records belonging to 1 billion residents of an Asian country on the dark web.
He suggested it was “likely due to a bug in an Elastic Search deployment by a (government) agency. This has impact on hacker detection/prevention measures, mobile numbers used for account take overs, etc.”
The government and police department have so far not commented on the alleged breach.
The ChinaDan post was widely discussed on China’s Weibo and WeChat social media platforms during the weekend, with users worrying that it is real.
Discussions about the breach on Weibo led to the term “data leak” being blocked on the platform.
China has seen multiple data leaks in recent years that alarmed authorities. Last year, China passed new laws governing how personal data and information generated within its borders is handled.