Image: China police (Xiangkun ZHU/BleepingComputer)

An anonymous threat actor is selling several databases that they claim contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approximately $195,000).

The announcement was posted on a hacker forum by someone using the handle 'ChinaDan,' who said the information was leaked from the Shanghai National Police (SHGA) database.

Based on the information they shared about the allegedly stolen data, the databases contain Chinese national residents' names, addresses, national ID numbers, contact numbers, and several billion criminal records.

ChinaDan also shared a sample of 750,000 records containing delivery information, ID information, and police call records, which would allow interested buyers to verify that the data for sale is genuine.

"In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens," the threat actor said in his post last week.

"Databases contain information on 1 Billion Chinese national residents and several billion case records, including: Name, Address, Birthplace, National ID Number, Mobile number, All Crime / Case details."

The threat actor stated that the data was exfiltrated from a local private cloud provided by Aliyun (Alibaba Cloud) that is part of the Chinese police network (also known as the public security network).

Image: ChinaDan's BreachForums post (BleepingComputer)

On Sunday, Binance CEO Zhao Changpeng confirmed that his company's threat intelligence experts had spotted ChinaDan's claims and said that the leak was likely due to an Elasticsearch database that a Chinese government agency had accidentally exposed online.

"Our threat intelligence detected 1 billion resident records for sale in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency," Zhao said.

"This has impact on hacker detection/prevention measures, mobile numbers used for account takeovers, etc."

Zhao later added that "apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials."

Wall Street Journal reporter Karen Hao reached out to dozens of people who had their data allegedly stolen in the breach and said that some of them confirmed all the info available in the leaked sample.

"At this point, it's impossible to confirm the scale of the data leak, but five of the people who picked up verified all of the case details listed with their name — information that would be difficult to obtain from any source other than the police," Hao said.

"The other four confirmed basic information like their names before hanging up."

If ChinaDan's claims are proven to be accurate, this would be the most significant data breach ever impacting China and one of the largest in history.
