An anonymous hacker going by the handle ‘ChinaDan’ is selling several databases claiming to have over 23 TB of stolen information on approximately 1 billion Chinese citizens for 10 Bitcoins ($197,085.00 at the time of writing).
‘ChinaDan’ also shared a sample database consisting of 750,000 records containing delivery information, ID information and police call records to prove that their claims aren’t fake.
The threat actor claims the information was leaked from the Shanghai National Police database more specifically, from a local private cloud operated by Aliyun (Alibaba cloud) which is part of the Chinese police network. It contains names, addresses, national ID numbers, contact information and several billion criminal records.
This was further confirmed by Binance CEO Zhao Changpeng. Binance’s threat intelligence team found ChinaDan’s claims and discovered that the leak originated from a bug in an ElasticSearch database that a Chinese government agency accidentally exposed online.
The bug in turn happened because a government developer wrote a tech blog on CSDN and accidentally included the credentials to the database in the code.
Wall Street Journal reporter Karen Hao called up several people from the sample dataset to verify whether or not the hacked details were accurate. At least five different people who answered her calls did end up confirming that the leaked information was in fact, correct.
Currently, there’s no way to tell the exact scale of the breach, however, if ChinaDan’s claims are true, this might just turn out to be the most significant data breach China has ever had to deal with and one of the largest in the world.
In the News: Surface Go 2 comes to India: Price and specs