In one of the biggest data breach episodes in the history of the world, a hacker stole at least one billion Chinese residents’ records from Shanghai police. The compromise record comprises name, address, national ID numbers, contact numbers, birthplace, and all the crime details of the citizens.
The Hacker Asked for Ransom
Just last week, an anonymous user “ChinaDan” posted on hacker’s online community Breach Forums about the data breach and offered to sell over 23 terabytes of data for 10 bitcoins, which is roughly equal to $200,000 these days.
While the authenticity of the post remained unverified, it sent shockwaves among citizens and the government equally. The data breach became the talk of the town on China’s WeChat and Weibo online platforms as the users expressed fears regarding their safety.
A database purportedly containing information about one billion Chinese residents has been listed for sale on Breach Forums for 10 Bitcoin, or approximately US$200,000. #databreachhttps://t.co/n18ru0qZlg— DevaOnBreaches (@DevaOnBreaches) July 4, 2022
As the news went viral in China, the social unrest was so severe that Weibo ended up blocking #dataleak from trending on Sunday.
A senior scientist at the University of Wisconsin-Madison, Yi Fu-Xian, noted that he downloaded the sample data available at the forum, which revealed crucial details about this home county in Hunan province..
He added that all the counties of China had been compromised in this data breach, and the situation looks scarier than the preliminary reports.
However, some market analysts were suspicious of the authenticity of the claims, especially seeing the asking price for such valuable information. According to Asia Markets, 10 bitcoins were “too cheap” for this type of information, as the hacker risked his whole life for this purpose.
Forum admins closed the thread on Sunday night at a time when the bid of 6 bitcoins was already on the table.
Chinese Government Now Looks More Suspicious
Kendra Schaefer, a partner at a think tank, Trivium China, noted that the breach would pose significant threats for numerous reasons. Firstly, this will be the biggest data breach in the history of the country, which is a scary thing in itself.
Secondly, this will mark a big failure of the Ministry of Public Security (MPS) in China as the law for the protection of citizens’ data was just introduced last year in the country.
Reportedly, this data breach will further push the Chinese government into hot waters, which is already considered suspicious by many watchdogs.
In the presence of an impenetrable state-driven framework and laws with stringent punishment, it is extremely difficult for hackers to steal the core database of the country without internal support, which has compromised the data of more than 70 % of Chinese citizens.
Schaefer also highlighted that the data breach of this extent also means that minors are also at the receiving end, which is a violation of the Minor Protection Law of China.
Most often, regional Police authorities have no access to this sort of nationwide database. But reportedly, Shanghai Police had access to the national data-sharing system of the country, which was exploited by hackers to penetrate into the countrywide database.