Shanghai data leak: China tested by possible largest hack in history
鈥淐hinaDan,鈥 a Chinese hacker, claims to possess the phone numbers, names, and ages of 1 billion Chinese citizens. Although the scale of the leak seems huge, experts say many online advertising companies already get the same type of data when browsing online.
鈥淐hinaDan,鈥 a Chinese hacker, claims to possess the phone numbers, names, and ages of 1 billion Chinese citizens. Although the scale of the leak seems huge, experts say many online advertising companies already get the same type of data when browsing online.
Hackers claim to have obtained a trove of data on 1 billion Chinese from a Shanghai police database in a leak that, if confirmed, could be one of the largest data breaches in history.
In a post on the online hacking forum Breach Forums last week, someone using the handle 鈥淐hinaDan鈥 offered to sell nearly 24 terabytes (24 TB) of data including what they claimed was information on 1 billion people and 鈥渟everal billion case records鈥 for 10 Bitcoin, worth about $200,000.
The data purportedly includes information from the Shanghai National Police database including names, addresses, national identification numbers, and mobile phone numbers as well as case details.
A sample of data seen by The Associated Press listed names, birthdates, ages and mobile numbers. One person was listed as having been born in 鈥2020,鈥 with their age listed as 鈥1,鈥 suggesting that information on minors was included in the data obtained in the breach.
The Associated Press could not immediately verify the authenticity of the data samples. Shanghai police did not immediately respond to a request for comment.
The data leak initially sparked discussion on Chinese social media platforms such as Weibo, but censors have since moved to block keyword searches for 鈥淪hanghai data leak.鈥
One person said they were skeptical until they managed to verify some of the personal data leaked online by attempting to search for people on Alipay using their personal information.
鈥淓veryone, please be careful in case there are more phone scams in the future!鈥 they said in a Weibo post.
Another person commented on Weibo that the leak means everyone is 鈥渞unning naked鈥 鈥 slang used to refer to a lack of privacy 鈥 and it鈥檚 鈥渉orrifying.鈥
Experts said the breach, if confirmed, would be the biggest in history.
Kendra Schaefer, a partner for technology at policy research firm Trivium China, said in a tweet that it鈥檚 鈥渉ard to parse truth from the rumor mill, but can confirm file exists.鈥
Such data leaks are fairly common, according to Michael Gazeley, managing director at Hong Kong-based security firm Network Box.
鈥淭here are approximately 12 billion compromised accounts posted on the Dark Web right now. That鈥檚 more than the total number of people in the world,鈥 he said, adding that a majority of data leaks often come from the United States.
Chester Wisniewski, principal research scientist at cybersecurity firm Sophos, said that the breach is 鈥減otentially incredibly embarrassing to the Chinese government,鈥 and the political harm would probably outweigh damage to the people whose data was leaked.
Most of the data is similar to what advertising companies that run banner ads would have, he said.
鈥淲hen you鈥檙e talking about a billion people鈥檚 information and it鈥檚 static information, it鈥檚 not about where they traveled, who they communicated with or what they were doing, then it becomes very much less interesting,鈥 Mr. Wisniewski said.
Still, once hackers get data and put it online it鈥檚 impossible to fully remove.
鈥淭he information, once it鈥檚 unleashed, is forever out there,鈥 Mr. Wisniewski said. 鈥淪o if someone believes their information was part of this attack, they have to assume it鈥檚 forever available to anyone and they should be taking precautions to protect themselves.鈥
A major cryptocurrency exchange said it had stepped up verification procedures to guard against fraud attempts such as using personal information from the reported hack to take over people鈥檚 accounts.
Zhao Changpeng, CEO of Binance, a cryptocurrency exchange, said in a tweet Monday that its threat intelligence had detected the sale of 鈥1 billion resident records.鈥
鈥淭his has impact on hacker detection/prevention measures, mobile numbers used for account take overs, etc.,鈥 Mr. Zhao wrote in his tweets, before saying that Binance had already stepped up verification measures.
In 2020, a major cyberattack believed to be by Russian hackers compromised several U.S. federal agencies such as the State Department, the Department of Homeland Security, telecommunications firms and defense contractors.
Last year, over 533 million Facebook users had their data published in a hacking forum after hackers scraped its data due to a vulnerability that has since been patched.
The story was reported by The Associated Press. AP journalist Emily Wang in Beijing and researcher Chen Si in Shanghai contributed to this report.