Over 1 Billion Individual Data Leaked Due to Alleged Chinese Police Database Hacking
In a leak that, if verified, could be one of the biggest data breaches in history, hackers might have obtained a wealth of information belonging to over I billion Chinese from a database owned by Shangai police.
Last week, a user going by the handle “ChinaDan” posted a message on Breach Forums (an online hacking forum in China) offering to sell about 24 terabytes of data, which also includes the data of 1 billion people allegedly stolen from Shanghai police. The data was to be sold for 10 Bitcoin, translating to 200,000 USD. The information allegedly includes user names and addresses, as well as mobile phone numbers.
The Associated Press was able to view a section of the data, which included names, ages, birthdates, and phone numbers. They found that one of the victims was born in 2020, which suggests that the information that was stolen also included data that involved minors.
The legitimacy of the data in question could not be immediately confirmed by The Associated Press. An inquiry for comment was also not immediately answered by Shanghai police.
The Shanghai data leak was the subject of a tough debate on popular social media sites in the country, like Weibo. But the moderators have since taken action to restrict keyword searches for the subject.
One person claimed they had been doubtful about the leaked data up until they were able to use one of the victims’ personal details to try and find people on Alipay. Weibo pleaded with everyone to exercise caution and avoid getting into potential phone scams.
Another person wrote on Weibo that it is “horrifying” that people are ‘naked’ and completely exposed as a result of the leak, and there is no guarantee of privacy, even from the government itself.
If confirmed, the breach would be the largest in recorded history, according to experts.
”It can be difficult to verify whether the data leak actually happened. What I am sure of is that the files actually exist, “said Schaefer, who is a technology partner at Trivium China, a policy research company.
“Roughly 12 billion compromised accounts have been published on the Dark Web as of late.” That is more than the whole population of the world, “he added, adding that the majority of data leaks frequently originate in the United States.
A principal research scientist at Sophos said that the hack is “extremely embarrassing” for the Chinese government, and that the political fallout is likely to be worse than the damage to the people whose information was stolen.
According to him, the majority of the data is comparable to that of banner advertising businesses. He added, “It becomes very much less interesting when you’re talking about a billion people’s information and it is static information, not involving the places they traveled, the people they spoke with, or the exact things they did.”
Once such information is released, it will remain public for all time. Therefore, if someone thinks their information was used in the attack, they must assume it is always accessible to everybody and should take security measures to protect themselves.
A renowned cryptocurrency exchange company said it had tightened its verification procedures to stop fraud schemes like using the stolen information to get into other people’s financial records.
The CEO of Binance, Zhao Changpeng, said in a tweet that the company’s threat intelligence had discovered that over 1 billion records of Chinese residents were actually sold.
The company has therefore put in place tools for detecting and preventing hackers, mobile devices used for account takeovers, and other things. Zhao said in his tweets that Binance had already made it harder to get verified before the discovery.
In 2020, a major cyber attack that is thought to have been done by Russian hackers hit a number of U.S. federal agencies, including the Department of Homeland Security, the State Department, telecommunications companies, and defense contractors.
Last year, hackers collected the data of over 533 million Facebook users and posted it on a hacking community. This vulnerability has since been addressed.