A Hacker Is Selling the Personal Details of 1 Billion Chinese Citizens

pcmag.com:

A hacker by the name of "ChinaDan" may have just carried out one of the biggest data breaches in history, which if confirmed, would also be very embarrassing for the Chinese government.

As Reuters reports(Opens in a new window), the anonymous hacker is offering to sell the personal data of a billion Chinese citizens via Breach Forums for 10 bitcoins, which currently equates to a value of roughly $200,000. In total, ChinaDan claims to have grabbed 23TB of data from the Shanghai National Police (SHGA) database, which includes the name, address, birthplace, national ID number, mobile number, and all crime/case details of the billion Chinese citizens.

There's currently no way to verify if the breach, and therefore the data, is authentic. As you'd expect, the government and police department in Shanghai isn't commenting. Discussions about the breach on popular Chinese microblogging platform Weibo resulted in the term "data leak" being blocked by censors on the service.

Zhao Changpeng, CEO of cryptocurrency exchange Binance, tweeted yesterday(Opens in a new window) that the company's threat intelligence has detected the sale of the data on the dark web. He also suggested it was "Likely due to a bug in an Elastic Search deployment by a gov agency. This has impact on hacker detection/prevention measures, mobile numbers used for account take overs, etc."

A follow-up tweet(Opens in a new window) today by Changpeng points out the breach apparently happened because a developer working for the government "wrote a tech blog on CSDN and accidentally included the credentials."

If the data leak does turn out to be legitimate, it's a serious blow to the Chinese government's efforts to improve data privacy for its citizens, and heads will