A trove of data of more than one billion Chinese residents, allegedly hacked from the Shanghai police, has been listed for sale on the dark web. If verified, it could amount to the biggest data leak in the country’s history.
“In 2022, the Shanghai National Police (SHGA) database was leaked,” read a post dated June 30 on Breach Forums, a popular hacker community.
“Databases contain information on 1 billion Chinese national residents and several billion case records, including name, address, birthplace, national ID number, mobile number, all crime/case details,” the post said.
An anonymous hacker or group claiming the attack wrote the post under the name of “ChinaDan,” and offered to sell the database for ten bitcoin, or roughly $200,000.
The Epoch Times is unable to reach ChinaDan, the individual or group claiming the attack, or to confirm the post’s authenticity.
Sample Data
The hacker or group provided a sample of the database, which is more than 23 terabytes (TB) in size. The sample was claimed to contain 750,000 records in three separate assets.
One set includes personal information such as individual names, ethnicity, gender, height, phone numbers, addresses, education background, and in some cases, photo links and “key person” labels assigned by the public security bureau. The addresses listed in the sample were from across the country, ranging from the far-western Xinjiang region to eastern Jiangsu Province.
Another data dump contains case records that appear to have been reported to the police, including personal information, case description, and filing date. The latest was dated 2019.
A third data set contained phone numbers and addresses, which are labeled for delivery.
A Shanghai municipal government official directed The Epoch Times to the city’s police bureau, which declined to comment on the database report.
Censorship
While Chinese authorities remain silent over the reported database hack, the alleged data leak sparked a wide discussion over the weekend on Weibo and WeChat, the country’s popular social media platforms.
By Sunday afternoon, several related hashtags, such as “data leak,” had already been blocked by the microblogging platform Weibo. The Quora-like Zhihu also appeared to censor the news: a post detailing the alleged data leak was not accessible on Tuesday.
But on Tuesday, Chinese netizens continued to share news of it using vague references, such as a data leak in “an eastern Chinese city.” Many warned about a potential wave of phone fraud if the leak is real, while some worried about their privacy, saying the authorities had stepped up information collection under the name of COVID precautions.
The purported data leak also prompted discussions among cybersecurity experts.
Zhao Changpeng, CEO of cryptocurrency exchange Binance, said that the company detected one billion resident records from “one Asian country” being sold on the dark web, without naming the country, according to a Monday post on Twitter.
Kendra Schaefer, head of tech policy research at Beijing-based consultancy Trivium China, said on that same day that it could be among the “biggest and worst breaches in history” if it is confirmed to have been leaked from the Ministry of Public Security.
Luo Ya contributed to the report.