An anonymous hacker has claimed to have stolen the personal information of 1 billion Chinese citizens, representing one of the biggest data breaches in history.
Posting on the hacker forum Breach Forums last week, an online user posting under the name ‘ChinaDan’ said they obtained the information from a leaked Shanghai National Police database. They wrote that the databases “contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”
ChinaDan used the hacker forum to offer more than 23TB of data from the alleged breach for the price of 10 bitcoin, equivalent to around $200,000.
If proven true, experts believe this would be one of the biggest data breaches ever recorded.
So far, it has not been possible to verify ChinaDan’s claims. Reuters said it had reached out to the Shanghai government and police department for comment but had not received a response.
However, the story appeared to cause significant alarm and discussion on the China social media platforms Weibo and WeChat. Additionally, Zhao Changpeng, CEO of cryptocurrency exchange Binance, said in a Tweet that the firm had detected the sale of records belonging to one billion residents of an Asian country on the dark web and increased user verification processes as a result. This information included “name, address, national id, mobile, police and medical records.”
Changpeng added this was “likely due to a bug in an Elastic Search deployment by a gov agency.”
Commenting on the growing threat of data breaches amid the surging collection of personal information, Bill Conner, CEO and president at SonicWall, stated: “Organizations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all cost. Personal information that does not change as easily as a credit card or bank account number drives a high price on the Dark Web. This kind of Personally Identifiable Information is highly sought after by cyber-criminals for monetary gain. Companies should be implementing security best practices such as a layered approach to protection, as well as proactively updating any out-of-date security devices, as a matter of course.”
Last year, China’s Personal Information Protection Law (PIPL) came into effect, setting out how personal data generated within its borders should be managed.