Database breaches and leaks are a pretty big deal, even if they are seemingly more common than they should be. But things are worse for a larger country with a bigger population. In the case of China, a hacker has claimed to have acquired personal data on one billion citizens from the Shanghai police.
As Reuters reports, the hacker is going by the handle of ChinaDan, and is selling over 23TB of data for 10 Bitcoin (~RM893033). The report states that the sale of the data is posted on the hacker forum appropriately known as Breach Forums. Also on the post, the hacker claims that the data includes details like names, addresses, birthplaces, national ID numbers, mobile numbers, crime records and case details.
WSJ points out that the sample posted by the hacker included 750000 records, with cases that range from incidents like petty theft and cyber fraud to domestic violence. These date as far back as 1995, and as recently as 2019. But with the number of people involved, the claimed hack would be among the biggest in the world, let alone the country. Making things worse is the allegation that it came from a government database.
Though on the flip side, WSJ also quotes Troy Hunt, a web-security consultant based in Australia, who points out the possibility that the claim has been exaggerated. Which make sense, since one billion is a large number, even for a country with a population of 1.4 billion.
Apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials.
1 billion records of private citizens' data. 😠https://t.co/vPISm534Tn pic.twitter.com/FpMCGrpx08
— CZ 🔶 BNB (@cz_binance) July 4, 2022
According to the report, the anonymous hacker also claimed that the data set was obtained via a breach targetting Aliyun, a cloud computing subsidiary of Alibaba Group. The report also states that the company is aware of the incident and is investigating. Though Zhao Changpeng, CEO of Binance, made an interesting observation on Twitter, stating that “the exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials”.
(Source: Reuters, WSJ, Zhao Changpeng / Twitter via Engadget)
Follow us on Instagram, Facebook, Twitter or Telegram for more updates and breaking news.