A user of hacker forum Breach Forums claims to have the database of the Shanghai health system in his hands. According to the user, the database contains the personal data of 48.5 million residents and visitors.
The user is known on Breach Forums as ‘XJP’. The user recently offered the database on the hacker forum. According to the user, the database was leaked from Suishenma, the Chinese name for Shanghai’s health system. The system has been in use by all residents and visitors since early 2020.
The hacker initially offered the database for $4,850. The price was later reduced to $4,000. “This DB (database) contains everyone who lives in or visited Shanghai since Suishenma’s adoption”, the user wrote in the ad.
Preview
According to Reuters, the user previewed the data of 47 individuals to back up his claim. The sample included names, Chinese identification numbers, phones and health data. Reuters confirmed the identities of 11 out of 47 individuals. Two individuals added that their identification numbers were incorrect.
The sample does not prove a data breach occurred. The asking price of $4,000 is remarkably low for a data breach of this size. Although it’s possible that the user holds the personal data of Shanghainese residents, the scale and cause of the data breach are unknown.
Suishenma
Suishenma has been mandatory for all Shanghai residents since early 2020. The city has about 25 million residents. The system collects travel data and calculates an individual’s chance of contracting COVID-19. The probability is illustrated with a color code. Residents are required to show the color code when visiting public locations.
Users can access Suishenma through the Alipay app. According to Reuters, user data is managed by the Shanghai government. Reuters reached out to the government, which declined to comment.
Tip: Data privacy: from necessary security step to competitive advantage
2 hours ago
