Hackers have claimed to have obtained 1 billion Chinese data from a Shanghai police database through a leak that, if confirmed, could lead to the largest data breach in history.
In a post on the online hacking forum Breach Forum last week, someone offered to sell about 24 terabytes (24 TB) of data using the “ChinaDan” handle in which they claimed that 1 billion people’s data and “a few billion case records” 10 bitcoins, about Worth 200,000.
The information includes names, addresses, national identification numbers and mobile phone numbers from the Shanghai National Police database, as well as case details.
A sample of information seen by The Associated Press lists names, dates of birth, ages and mobile numbers. A person is listed as “born in 2020”, “their age is listed as” 1 “, suggesting that minors are included in the data obtained in case of data breach.
The Associated Press could not immediately verify the authenticity of the data sample. Shanghai police did not immediately respond to a request for comment.
The data leak initially sparked discussion on Chinese social media platforms such as Weibo, but censors have since moved to block keyword searches for “Shanghai data leaks.” One person said they were skeptical until they were able to verify some of the personal data leaked online by trying to find people on Alipay using their personal information.
“Everyone, beware of more phone scams in the future!” They said in a Weibo post.
Another person commented on Weibo that the leak meant everyone was “running naked” _ the slander used to denote a lack of privacy _ and it was “horrible”. Experts say the breach, if confirmed, would be the largest in history.
Kendra Schaefer, technology partner at policy research firm Trivium China, said in a tweet that “it is difficult to analyze the truth from the rumor mill, but it can confirm the existence of the file.” Such leaks are fairly common, according to Michael Gazelle, managing director of Network Box, a Hong Kong-based security firm.
“Now about 12 billion compromised accounts have been posted on the Dark Web. That’s more than the world’s total population, “he said.” Most of the data leaks often come from the United States.
Chester Wisniewski, chief research scientist at cybersecurity firm Sophos, said the breach was “probably incredibly embarrassing to the Chinese government” and that the political damage would probably outweigh the damage to those whose information was leaked.
Most of the advertising agencies that run banner ads match the data, he said.
“When you talk about the information of a billion people and it’s static information, not about where they’ve traveled, who they’ve contacted or what they’re doing, it becomes less interesting,” Wisniewski said.
However, once hackers get the data and put it online, it is impossible to remove it completely.
“The information, once it’s published, stays there forever,” Wisniewski said. “So if anyone believes that their information was part of this attack, they have to assume that it is available to anyone forever and they should be careful to protect themselves.” A major cryptocurrency exchange says it has stepped up verification methods to protect against fraudulent attempts such as hacking into people’s accounts using personal information from reported hacks.
Binance CEO Zhao Changpeng, a cryptocurrency exchange, said in a tweet on Monday that his threatening detectives had identified the sale of “1 billion residential records”. “This affects hacker detection / prevention systems, mobile numbers used for accounting, etc.” Zhao wrote in his tweets, before saying that Binance has already stepped up the verification system.
In 2020, a major cyber attack by Russian hackers resulted in the compromise of several federal agencies, including the United States State Department, Department of Homeland Security, telecommunications firms, and defense contractors.
Last year, more than 533 million Facebook users published their data on hacking forums when hackers scraped its data due to a vulnerability that has since been patched.