SHANGHAI: A hacker has claimed to have procured a trove of personal information from the Shanghai police on one billion Chin­ese citizens, which tech experts say, if true, would be one of the biggest data breaches in history.

The anonymous internet user, identified as “ChinaDan”, posted on hacker forum Breach Forums last week offering to sell the more than 23 terabytes (TB) of data for 10 bitcoin, equivalent to about $200,000.

“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizen,” the post said.

“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”

The Shanghai government and police department did not respond to requests for comment on Monday.

The post was widely discussed on China’s Weibo and WeChat social media platforms over the weekend with many users worried it could be real.

The hashtag “data leak” was blocked on Weibo by Sunday afternoon.

Kendra Schaefer, head of tech policy research at Beijing-based consultancy Trivium China, said in a post on Twitter it was “hard to parse truth from rumour mill”.

If the material the hacker claimed to have come from the Ministry of Public Security, it would be bad for “a number of reasons”, Schaefer said.

“Most obviously it would be among the biggest and worst breaches in history,” she said.

Zhao Changpeng, CEO of Binance, said on Monday the cryptocurrency exchange had stepped up user verification processes after the exchange’s threat intelligence detected the sale of records belonging to 1 billion residents of an Asian country on the dark web.

He said on Twitter that a leak could have happened due to “a bug in an Elastic Search deployment by a (government) agency”, without saying if he was referring to the Shanghai police case.

He posted again on Twitter later in the day, saying: “apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials”, referring to the China Software Developer Network.

Software company Elastic said it was incorrect to cite it as the source of the breach. The Shanghai government did not immediately respond to a request for comment on Wednesday.

The claim of a hack comes as China has vowed to improve protection of online user data privacy, instructing its tech giants to ensure safer storage after public complaints about mismanagement and misuse.

Last year, China passed new laws governing how personal information and data generated within its borders should be handled.

Published in Dawn, July 7th, 2022

Opinion

Editorial

Hasty transition
Updated 05 May, 2024

Hasty transition

Ostensibly, the aim is to exert greater control over social media and to gain more power to crack down on activists, dissidents and journalists.
One small step…
05 May, 2024

One small step…

THERE is some good news for the nation from the heavens above. On Friday, Pakistan managed to dispatch a lunar...
Not out of the woods
05 May, 2024

Not out of the woods

PAKISTAN’S economic vitals might be showing some signs of improvement, but the country is not yet out of danger....
Rigging claims
Updated 04 May, 2024

Rigging claims

The PTI’s allegations are not new; most elections in Pakistan have been controversial, and it is almost a given that results will be challenged by the losing side.
Gaza’s wasteland
04 May, 2024

Gaza’s wasteland

SINCE the start of hostilities on Oct 7, Israel has put in ceaseless efforts to depopulate Gaza, and make the Strip...
Housing scams
04 May, 2024

Housing scams

THE story of illegal housing schemes in Punjab is the story of greed, corruption and plunder. Major players in these...