A hacker claimed to have stolen one billion Chinese residents’ records from Shanghai police in what would rank as possibly the biggest data breach in the country’s history.
A post on the hacker hot-spot Breach Forums listed the information “on one billion Chinese national residents and several billion case records” for sale to the sum of 10 Bitcoin, or roughly $200,000.
The poster, using the name ChinaDan, on Sunday said the trove of information included “name, address, birthplace, national ID number, mobile number, all crime/case details.”
The post remains unverified, but it has drawn immense interest within China and abroad: Users on China’s Weibo and WeChat platforms expressed great concern and distress about the truth of the claim.MORE CHINESE CITIES IMPOSE COVID LOCKDOWNS AS ‘CLUSTERS’ SPREAD
Posters on Breach Forums analyzed a sample of the data and debated the authenticity, largely due to the asking price for such valuable information.
One poster called 10 Bitcoin “too cheap” for government information, especially since “you risk being hunted and killed” for it, Asia Markets reported.
Forum administrators closed the thread Sunday night, with one offer of 6 Bitcoin on the table at the time.
Kendra Schaefer, a partner at consultancy firm Trivium China, said the breach would be “bad, for a number of reasons” if proven authentic.
“Most obviously, this would be among the biggest and worst breaches in history,” Schaefer wrote on Twitter. “Two, China’s Personal Information Protection Law just came out late last year. It requires gov bodies to protect the info of citizens, which if the source is indeed MPS, MPS has failed to do.”
Schaefer shared that the records “also allegedly contain details on case files of minors,” making the breach also a violation of the Minor Protection Law.
“Would be surprised if they don’t also contain files on celebs and minor officials,” she wrote.
One reason the breach may have contained so much information is that the Shanghai police would have access to a national data-sharing system, providing access to more information than a regional police authority would otherwise have.