Skip to content

Over a billion Chinese citizens at risk as police database get breached

  • by
  • 2 min read

An anonymous hacker going by the handle ‘ChinaDan’ is selling several databases claiming to have over 23 TB of stolen information on approximately 1 billion Chinese citizens for 10 Bitcoins ($197,085.00 at the time of writing).

‘ChinaDan’ also shared a sample database consisting of 750,000 records containing delivery information, ID information and police call records to prove that their claims aren’t fake. 

ChinaDan’s post announcing the hack and selling the database.

The threat actor claims the information was leaked from the Shanghai National Police database more specifically, from a local private cloud operated by Aliyun (Alibaba cloud) which is part of the Chinese police network. It contains names, addresses, national ID numbers, contact information and several billion criminal records.

This was further confirmed by Binance CEO Zhao Changpeng. Binance’s threat intelligence team found ChinaDan’s claims and discovered that the leak originated from a bug in an ElasticSearch database that a Chinese government agency accidentally exposed online. 

The bug in turn happened because a government developer wrote a tech blog on CSDN and accidentally included the credentials to the database in the code. 

Wall Street Journal reporter Karen Hao called up several people from the sample dataset to verify whether or not the hacked details were accurate. At least five different people who answered her calls did end up confirming that the leaked information was in fact, correct.

Currently, there’s no way to tell the exact scale of the breach, however, if ChinaDan’s claims are true, this might just turn out to be the most significant data breach China has ever had to deal with and one of the largest in the world.

In the News: Surface Go 2 comes to India: Price and specs

Yadullah Abidi

Yadullah is a Computer Science graduate who writes/edits/shoots/codes all things cybersecurity, gaming, and tech hardware. When he's not, he streams himself racing virtual cars. He's been writing and reporting on tech and cybersecurity with websites like Candid.Technology and MakeUseOf since 2018. You can contact him here: yadullahabidi@pm.me.

>
Exit mobile version