Massive Data Breach: Personal Information of One Billion Chinese Citizens for Sale on the Darknet

By Riley ThompsonTechnology News

Hacker Offers Data of One Billion Chinese Citizens for Sale on the Darknet

A hacker using the alias ChinaDan has put up several databases for sale on the darknet, allegedly containing over 22 terabytes of information about one billion Chinese citizens. The hacker is asking for 10 bitcoins (about $195,000 USD) for the data dump.

According to ChinaDan, the data was stolen from the Shanghai National Police (SHGA) and includes names, addresses, national ID numbers, contact phone numbers, and information on several billion criminal cases. To prove the authenticity of the leak, the hacker has already released a sample containing 750,000 records. In addition to the information listed above, the sample also includes data on detainee transportation and instructions for drivers.

The hacker claims the data was stolen from a local private Aliyun (Alibaba Cloud) server, which is part of the Chinese police network.

Journalistic Verification

Reporters from the Wall Street Journal attempted to verify the authenticity of the leaked data by contacting people whose information appeared in the database. “Five people confirmed all the information, including details of [legal] cases that would be difficult to obtain from anywhere other than the police. Four more people confirmed basic information, such as their names, before hanging up,” the publication reports.

Industry Response and Possible Cause

The CEO of the Binance cryptocurrency exchange, Changpeng Zhao, also drew attention to this massive leak. He stated on Twitter that his company’s experts believe the breach was caused by an ElasticSearch database that the Chinese government accidentally left unsecured. Later, he added that the attack happened because a government developer wrote a technical blog post on CSDN and accidentally failed to hide login credentials in the post.

Official Silence and Potential Impact

Chinese authorities have so far remained silent and have not commented on the incident. If ChinaDan’s claims are true, this would be the most serious data breach ever to affect China, and one of the largest leaks in history overall.

Leave a Reply