Hackers claim to have obtained the personal data of more than one billion Chinese residents from a Shanghai police database and have offered to sell it.
The incident, if confirmed, would mark one of the largest data breaches in history. The claim surfaced last week, when an anonymous user with the handle "ChinaDan" posted on the online hacking forum Breach Forums, offering to sell nearly 24 terabytes of data.
Chinese Data Leak
The hackers claimed that the trove of data includes information on one billion Chinese residents and "several billion case records," and offered it for 10 Bitcoin, worth roughly $200,000. The data purportedly includes information such as national identification numbers and mobile numbers. Experts said that although the breach is massive in scale, the potential harm to individuals is relatively limited, as per Komu.
The massive breach also highlights the risks of collecting and storing vast amounts of sensitive personal data online, especially in a country where authorities have broad and unchecked access to such data. The personal information had been publicly accessible via what appeared to be an unsecured backdoor link.
The backdoor link is a shortcut web address that offers unrestricted access to anyone with knowledge of it, and it had been open since at least April 2021, said LeakIX, a site that detects and indexes exposed databases online.
Access to the database, which did not require a password, was later shut down after an anonymous user advertised the sale of the massive treasure trove. The anonymous user posted a sample of 750,000 data entries from the three main indexes of the database to prove his claims.
According to CNN, the Shanghai government and police department did not respond to requests for comment regarding the incident. The hackers also claimed that the unsecured database was hosted by Alibaba Cloud, a subsidiary of Chinese e-commerce giant Alibaba. In a statement, Alibaba said that it had become aware of the incident and was already investigating it.
Leak of Public Information
Experts noted that the leak was the fault of the owner of the data and not the company hosting it. A Microsoft regional director based in Australia, Troy Hunt, said that the incident marks the largest leak of public information, especially in terms of the breadth of the impact on China due to its massive scale.
The breach of more than 1 billion people's personal data covers roughly 70% of China's 1.4 billion residents. Hunt added that the hack is a little bit of a case where the genie is not going to be able to go back in the bottle.
The situation comes as one prominent Weibo user said that Chinese authorities had removed a post about the data breach and contacted her to discuss the social media activity. Messaging app WeChat, meanwhile, reportedly removed news related to the breach as well as posts explaining the potential fallout for Chinese citizens whose information was part of the leak. Chinese search engine Baidu displayed few results related to the data breach, the New York Post reported.