A hacker claims to have obtained personal information from Shanghai police on 1 billion Chinese citizens in what tech experts say, if true, would be one of the biggest data breaches in history.
The anonymous internet user, identified as ‘ChinaDan’, posted on hacking forum Breach Forums last week offering to sell more than 23 terabytes (TB) of data for 10 bitcoins, equivalent to around $200,000 (£165,000).
“In 2022, the database of the Shanghai National Police (SHGA) expired. This database contains many TB of data and information on billions of Chinese citizens,” the post said.
“The databases contain information on 1 billion Chinese residents and several billion case records, including: name, address, place of birth, national identification number, mobile number, all details of the crime/case.”
Reuters was unable to verify the authenticity of the post.
The Shanghai government and police department did not respond to requests for comment on Monday.
Reuters was also unable to contact self-proclaimed hacker ChinaDan, but the post was widely discussed on Chinese social media platforms Weibo and WeChat over the weekend, with many users worried it might be genuine.
The “data leak” hashtag was blocked on Weibo by Sunday afternoon.
Kendra Schaefer, head of technology policy research at Beijing-based consultancy Trivium China, said in a post on Twitter that it was “difficult to parse the truth from the rumor mill.”
If the material the hacker claimed came from the Department of Public Safety, that would be bad for “a number of reasons,” Schaefer said.
“This will most obviously be among the biggest and worst breaches in history,” she said.
Zhao Changpeng, CEO of Binance, said on Monday that the cryptocurrency exchange has strengthened user verification processes after the exchange’s threat intelligence discovered the sale of records belonging to one billion residents of an Asian country on the dark web.
Sign up for First Edition, our free daily newsletter – every weekday morning at 7am BST
He wrote on Twitter that the leak may have occurred due to a “bug in the implementation of Elastic Search by a (government) agency,” without saying whether he was referring to the Shanghai police case. He did not immediately respond to a request for further comment.
The hack claim comes as China vows to improve privacy protections for online user data by instructing its tech giants to provide more secure storage following public complaints of mismanagement and abuse.
Last year, China passed laws governing how personal information and data generated within its borders must be handled.
Add Comment