Hacker steals records of billion people in major data breach

an anonymous hacker has stated that he has successfully infiltrated the database of the Shanghai Police Department. In doing so, he apparently extracted personal information from as many as one billion Chinese citizens.

The person, ‘ChinaDan’, took full responsibility for the data breach. As reported by Reuters and PCMaghe described the incident on the hacker forum Breach Forums.

An image of a hacker breaking into a system using code.
Getty Images

He is currently offering the massive amount of information for 10 Bitcoins, which at current rates would work out to about $200,000. The above data is said to be equal to 23 terabytes (TB) in size.

Dan said he extracted the files containing the names, addresses and mobile numbers from the database of the Shanghai National Police (SHGA).

He also reportedly managed to access the birthplaces, national ID numbers, and every single crime case involving the one billion citizens, all of whom are mainly based in China.

Currently, Reuters was unable to confirm whether the post’s claim is indeed genuine. The Shanghai government and its police department have not commented on the situation since it came out earlier this week.

That said, Zhao Changpeng, CEO of popular cryptocurrency exchange Binance, confirmed that the company has stepped up its user verification processes. Why? The threat intelligence department found that these records are now being sold on the dark web.

The vulnerability can be attributed to “a bug in an Elastic Search implementation by a government agency, he detailed in a tweet† “This will impact hacker detection/prevention measures, mobile numbers used for account takeovers, etc.”

He continued that “apparently this exploit happened because the government developer wrote a technical blog on CSDN” [the China Software Developer Network] and accidentally added the credentials.”

A large monitor that displays a security breach alert.
Stock Depot/Getty Images

Kendra Schaefer, head of technology policy research at consultancy Trivium China, said if the data were actually obtained through the Ministry of Public Security, it would obviously be bad for “a number of reasons”. It would be most obvious under [the] biggest and worst breaches in history,” she said.

Indeed, if the hacker’s claim is eventually verified, the cyber incident would be considered probable the largest data breach in history.

ChinaDan’s post itself has been generating a significant amount of discussion all weekend on the Chinese social media platform Weibo, as well as WeChat. According to Reuters, the hashtag “data breach” was even blocked on Weibo on Sunday afternoon.

Elsewhere, an underground online marketplace that: sold the personal data of approximately 24 million US citizens was recently shut down. The service’s profits, meanwhile, surpass Dan’s $200,000 asking price — as of April 2015, blockchain analytics firm Chainalysis has confirmed it has found $22 million worth of Bitcoin transactions raised by SSNDOB.

2022 is undoubtedly a busy year for hackers in general. There have been some unprecedented situations related to the hacking scene ranging from various shutdowns like the largest dark web marketplace be taken offlineto Microsoft launches its own cybersecurity initiative to counter the massive increase in cybercrime.

Editor’s Recommendations






Leave a Comment

Your email address will not be published.