An anonymous user of a hacker forum claims to hold the personal data of 1 billion Chinese citizens. Although proof is lacking, enterprises are upping their security measures.
The user goes by the forum name of ‘ChinaDan’. In a recent post, the user offered 23 terabytes of data for 10 bitcoin (approximately €195,000). According to the user, the database stems from a data breach at the Shanghai National Police.
“In 2022, the Shanghai National Police (SHGA) database was leaked”, the user writes. “This database contains many TB of data and information on billions of Chinese citizens, including: name, address, place of birth, national ID number, mobile number and criminal case details.”
The post contains a preview of 750,000 files, but there’s no evidence of the data belonging to Chinese residents. Fellow forum users took the message with a pinch of salt. The amount is remarkably low for a data leak of this size. Smaller data leaks are traded for a lot more than €195,000.
A forum administrator closed the discussion on Sunday 3 July. Users have not been able to respond since. One of the respondents posted a bid of 6 bitcoin (about 110,000 euros), but a forum post is no proof of a transaction.
Zhao Changpeng, CEO of crypto exchange Binance, tweeted on Sunday that the post was discovered by his organization’s security system. Changpeng gave an explanation for the leak. “Likely due to a bug in an Elastic Search deployment by a government agency”, he wrote. Changpeng did not clarify why, when and by whom the system in question was deployed.
The CEO called on organizations to strengthen their security measures. Binance’s authentication system was beefed up as a precaution. Media company Reuters tried to reach Changpeng, ChinaDan and the Shanghai government. None responded.