Unknown hackers claim to have stolen the personal data of one billion Chinese residents by breaking into Shanghai police computer systems. It would be the largest cybersecurity breach in the country’s history.
China has always been particularly active in cyberspace and the cyber-espionage activities of Chinese hackers have also accelerated significantly since the start of the war in Ukraine. In May 2022, a vast cyber-espionage operation was launched against several American, European and Asian companies.
But this time, Beijing finds itself in the place of the victim. Indeed, a group of unknown hackers claim to have stole the personal data of a billion Chinese citizens, after penetrating Shanghai police databases. If this attack is confirmed, it would therefore be the largest cybersecurity breach in the nation’s history.
Also read: Chinese hackers have been spying on the Russian army for months
The data of a billion people for sale on the Dark Web
The hackers claim to have recovered 23 TB of data, which include names, addresses, places of birth, telephone numbers, national identity cards and criminal records. “In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on billions of Chinese citizens,” can we read in the announcement posted by the hackers on the dark web.
A user with the nickname “ChinaDan” published on Breach Forums the price set by the group for the purchase of this gigantic data package: 10 Bitcoins, or about $200,000. Note that the magnitude of this alleged leak has caused a shock wave in the Chinese cybersecurity community, questioning the authenticity or not of this leak.
Zhao Changent, founder and CEO of cryptocurrency platform Binance, tweeted on Monday that the company had detected the personal data breach of one billion resident users “in an Asian country without specifying which one. According to him, this leak could have occurred because a bug in the deployment of Elastic Search by a government agency.
Nevertheless, other cybersecurity experts believe that this breach involved a third-party cloud infrastructure partner like AlibabaTencent and Huawei, three of the largest suppliers operating in the Shanghai region.
Source: Bloomberg