Shanghai Cyberattack Exposes Dangers of China’s Data Trove

tech.hindustantimes.com:

Claims of the largest cyberattack in Chinese history have sparked an open debate about the extent to which Beijing hoovers up personal data and uses private firms to safeguard that trove, a discussion that could have ramifications for the broader technology industry in China.

If verified, the purported theft of 23 terabytes of personal information on as many as a billion Chinese citizens from a Shanghai police database would rank as the country’ largest ever known data breach, if not one of the biggest leaks the world has seen. The allegations that emerged over the weekend have set tech circles buzzing and prompted rare public comment from high-profile industry figures such as Binance co-founder Zhao Changpeng.

Questions remain about how the unknown hackers apparently gained access to the trove run by the Ministry of Public Security’s Shanghai branch, which according to online posts included data detailing user activity from most popular Chinese apps, addresses, and phone numbers. A seller had asked for 10 Bitcoin, worth around $200,000, in exchange for the data. 

Many forensic experts agreed there were significant security lapses. To researchers who have examined the underlying source code and database samples, the breadth of the purported data underscores not only the staggering scale of government data collection in the People’s Republic of China but also the numerous risks in how that information is managed.

“The PRC government is likely in crisis mode right now,” said Dakota Cary, a consultant with the Washington-based Krebs Stamos Group. “It seems obvious to ask why Shanghai MPS needed access to all this data, but this is the exact system of surveillance and detail about individuals that the government wants.” 

Chinese