Record Cyber Breach in China Spurs Eruption in Data for Sale

tech.hindustantimes.com:

Since the data of about roughly 1 billion Chinese citizens appeared for sale on a popular dark web forum in June, researchers have observed a surge in other kinds of personal records from China appearing on cybercriminal marketplaces.

In the aftermath of that record leak, an estimated 290 million records about people in China surfaced on an underground bazaar known as Breach Forums in July, according to Group-IB, a cybersecurity firm based in Singapore. In August, one seller hawked personal information belonging to nearly 50 million users of Shanghai's mandatory health code system, used to enforce quarantine and testing orders. The alleged hoard included names, phone numbers, IDs and their Covid status -- for the price of $4,000.

“The forum has never seen such an influx of Chinese users and interest in Chinese data,” said Feixiang He, a researcher at Group-IB. “The number of attacks on Chinese users may grow in the near future.”

Bloomberg was unable to confirm the authenticity of the datasets for sale on Breach Forums. The website, like other markets where illicit goods are sold, has been home to false advertisements meant to generate attention, as well as legitimate data apparently stolen in security incidents, including an instance where users marketed user information taken from Twitter Inc.

The interest in leaked Chinese data has trained a spotlight on the vast amount of information that government officials collect through Beijing's sprawling surveillance apparatus. In the summer incident, the unknown hackers claimed to have stolen data of about 1 billion Chinese residents after their discovery of an unsecured Shanghai police database, laying bare significant vulnerabilities in how government agencies store citizens'