A mysterious hacker claims to have carried out one of the biggest data thefts in history

The personal information of around a billion Chinese citizens has reportedly been stolen in what could be one of the largest computer heists in history.

An unknown threat actor took to underground forums to announce a 23TB batch of sensitive data, allegedly stolen from a database belonging to a Shanghai police department.

The data is said to contain names, addresses, places of birth, national identification numbers, phone numbers and information about criminal cases in which people are involved. The Wall Street Journal claims to have verified at least a small part of the data.

The mysterious attacker asks for 10 bitcoins in exchange for the data, which translates to around €200 at current market exchange rates.

An error or a mishap?

According to a report by Bloomberg, there has been no word from the Shanghai police, and the Cyberspace Administration of China is also silent on the matter.

But last night, Changpeng Zhao, founder and CEO of cryptocurrency exchange Binance, tweeted that the company's threat intelligence unit had detected XNUMX billion resident records offered for sale on the dark web, "probably due to a bug in the deployment of a government agency Elastic Search".

“It affects hacker detection/prevention measures, mobile numbers used for account takeover, etc.,” he added. “It is important that all platforms reinforce their security measures in this area. Binance has already stepped up verifications for potentially affected users.”

He later added that the attack was "apparently" possible because a government developer wrote a tech blog that "accidentally included the credentials."

Bloomberg reports that some cybersecurity experts, on the other hand, believe that "the breach involved a third-party cloud infrastructure partner," citing Alibaba, Tencent and Huawei among the largest providers serving the region.

Inevitably, an incident like this invites comparisons to previous high-profile cybersecurity breaches that hit China.

In 2016, for example, personal information about dozens of Communist Party officials and industry figures, from Jack Ma to Wang Jianlin, was exposed on Twitter. In 2020, a group of criminals stole sensitive data from more than 500 million users of the national microblogging platform Weibo.