It has been reported that personal information relating to nearly a billion Chinese citizens has been stolen in what could be one of the largest cyber thefts in history.
An unknown perpetrator has taken to secret forums to publicize a batch of 23 terabytes of sensitive data, allegedly stolen from a database belonging to the Shanghai Police Department.
The data is said to contain people’s names, addresses, places of birth, national identification numbers, phone numbers, and information on any criminal cases the individuals are involved in. The Wall Street Journal (Opens in a new tab) It claims to have verified at least a small portion of the data.
The mysterious attacker is asking for 10 bitcoins for the data, which translates to nearly $200,000 at the current market price.
Mistake or mishap?
according to Bloomberg (Opens in a new tab) Report, no word from the Shanghai police, China’s cyberspace administration is also still silent on this issue.
But late last night, Changpeng Zhao, founder and CEO of crypto exchange Binance, tweeted that the company’s threat intelligence unit had detected 1 billion resident records for sale on the dark web, “likely due to a misrepresentation of Elastic Search by a government agency.”
“This has an impact on detection/blocking procedures for hackers, mobile phone numbers used for account takeovers, etc.”, he added. “It is important for all platforms to strengthen their security measures in this area. Binance has already stepped up verifications for potentially affected users.”
He later added that the attack “apparently” became possible because a government developer wrote a tech blog that “mistakenly included the credentials”.
Bloomberg Reports indicate that some cybersecurity experts, on the other hand, believe that “the hack involved an external partner of the cloud infrastructure”, counting Alibaba, Tencent and Huawei among the largest providers serving the region.
Inevitably, an incident of this nature invites comparisons to previous high-profile cybersecurity breaches to affect China.
In 2016, for example, the personal information of dozens of Communist Party officials and industry figures — from Jack Ma to Wang Jianlin — was said to have been disclosed on Twitter. While in 2020, a group of criminals stole the sensitive data of more than 500 million users of the local microblogging platform Weibo.