In one of the biggest data breach episodes in the history of the world, a hacker stole at least one billion Chinese residents’ records from Shanghai police.
The compromised records include names, addresses, national ID numbers, contact numbers, birthplaces, and all the crime details of the citizens.
Hacker Asked For Ransom
Just last week, an anonymous user “ChinaDan” posted on a hackers’ online community Breach Forums about the data breach.
The user offered to sell over 23 terabytes of data for ten bitcoins, which is roughly equal to $200,000 these days.
While the authenticity of the post remained unverified, it sent shockwaves among citizens and the government equally. The data breach became the talk of the town on China’s WeChat and Weibo online platforms, as users expressed fears regarding their safety.
A database purportedly containing information about one billion Chinese residents has been listed for sale on Breach Forums for 10 Bitcoin, or approximately US$200,000. #databreachhttps://t.co/n18ru0qZlg
— DevaOnBreaches (@DevaOnBreaches) July 4, 2022
As the news went viral in China, the social unrest was so severe that Weibo ended up blocking #dataleak from trending on Sunday.
A senior scientist at the University of Wisconsin-Madison, Yi Fu-Xian, noted he downloaded the sample data available at the forum, which revealed crucial details about this home county in Hunan province.
He added all the counties of China had been compromised in this data breach; the situation looks scarier than the preliminary reports.
However, some market analysts were suspicious of the authenticity of the claims, especially seeing the asking price for such valuable information.
According to Asia Markets, ten bitcoins were “too cheap” for this type of information, as the hacker risked his whole life for this purpose.
— Hi26100 (@770_hi26100) July 4, 2022
Forum admins closed the thread on Sunday night at a time when the bid of six bitcoins was already on the table.
Chinese Government Now Looks More Suspicious
Kendra Schaefer, a partner at a think tank, Trivium China, noted the breach would pose significant threats for numerous reasons. Firstly, this will be the biggest data breach in the history of the country, which is a scary thing in itself.
Secondly, this will mark a big failure of the Ministry of Public Security (MPS) in China, as the law for the protection of citizens’ data was just introduced last year in the country.
Reportedly, this data breach will further push the Chinese government into hot water, which is already considered suspicious by many watchdogs.
In the presence of an impenetrable state-driven framework and laws with stringent punishment, it is extremely difficult for hackers to steal the core database of the country without internal support.
The hack compromised the data of more than 70% of Chinese citizens. Schaefer also highlighted the data breach of this extent means minors are at the receiving end, which is a violation of the Minor Protection Law of China.
Most often, regional police authorities have no access to this sort of nationwide database. Though reportedly, Shanghai Police had access to the national data-sharing system of the country, which was exploited by hackers to penetrate into the countrywide database.