Jul 05, 2022 10:33:00

22TB of data of about 1 billion people living in China was stolen from the police database and sold for 28 million yen, the biggest possibility of hacking in China's history

It has been revealed that records such as names and addresses of about 1 billion people who are believed to have been stolen from the database of the Shanghai National Police are sold on the online forum at a price of 10 BTC (about 28 million yen). Since the data sample is open to the public, it can be confirmed that some of the information is genuine.

Hacker claims to have stolen data on 1 billion Chinese citizens

https://www.bleepingcomputer.com/news/security/hacker-claims-to-have-stolen-data-on-1-billion-chinese-citizens/

Hacker claims to have stolen 1 bln records of Chinese citizens from police | Reuters
https://www.reuters.com/world/china/hacker-claims-have-stolen-1-bln-records-chinese-citizens-police-2022-07-04/

Vast Cache of Chinese Police Files Reserved for Sale in Alleged Hack --WSJ
https://www.wsj.com/articles/vast-cache-of-chinese-police-files-offered-for-sale-in-alleged-hack-11656940488

According to a post published on an online forum where leaked personal information is traded, a large amount of data of 22 TB or more contains personal information of about 1 billion Chinese people, all in the database of the Shanghai National Police. It is said that it was stolen from. This post was published by a person with the handle 'China Dan' and the data is sold for 10 BTC.

In addition, China Dan has released a sample that contains 75,000 records, which included Chinese names, addresses, IDs, phone numbers, crime records, etc. A Wall Street Journal survey confirms that some information is genuine. Since this post was shared in a blink of an eye, the hashtag 'Information Leakage' was blocked in the Chinese communication app 'Weibo'.

Zhao Changpeng, CEO of crypto exchange Binance, argued that 'a leak was caused by an ElasticSearch database that was accidentally published online by a Chinese government agency,' based on a survey by its intelligence team. He added that it seems to have happened because a government developer mistakenly included credentials when creating a technical blog about China's IT technology exchange platform 'CSDN'.

Apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials.

1 billion records of private citizens' data. ???? https://t.co/vPISm534Tn pic.twitter.com/FpMCGrpx08

— CZ ???? Binance (@cz_binance) July 4, 2022

If ChinaDan's post proves to be accurate, this leak is the biggest case that has affected China and is one of the biggest hacks in history.