Mystery hacker says 1 billion people exposed in ‘biggest hack in history’

Someone known as ‘ChinaDan’ advertised 23TB cache of sensitive data on the dark web

A mystery hacker claims to have stolen 23TB of sensitive data from roughly 1 billion Chinese citizens

A mystery hacker has claimed to have stolen a massive batch of data containing sensitive information on roughly a billion Chinese citizens, with cyber experts warning it may be one of the biggest breaches in history.

The 23 terabyte (TB) cache was allegedly stolen from the Shanghai police department and was advertised on hacking forums in the country.

The anonymous internet user, identifying themselves as “ChinaDan”, posted on Breach Forums last week offering to sell the data for 10 bitcoin, equivalent to about £165,000.

“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizen,” the post said.

“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details.”

The Wall Street Journal claims to have verified a small portion of the data, while prominent Chinese tech figures have vouched for its authenticity.

Changpeng Zhao, the CEO of leading crypto exchange Binance, said his company had detected a breach, which he said on Twitter was “likely due to a bug in an Elastic Search deployment by a gov[ernment] agency”. He said his firm had stepped up user verification processes following the alleged hack.

The Shanghai government and police department did not respond to requests for comment on Monday.

The post by ChinaDan was widely discussed on China’s Weibo and WeChat social media platforms over the weekend, with many users worried it could be real. The hashtag “data leak” was blocked on Weibo by Sunday afternoon.

Kendra Schaefer, head of tech policy research at Beijing-based consultancy Trivium China, said in a post on Twitter that it was “hard to parse truth from rumour mill”.

If the material the hacker claimed to have came from the Ministry of Public Security, it would be bad for “a number of reasons”, Ms Schaefer said.

“Most obviously it would be among biggest and worst breaches in history,” she added.

The claim of a hack comes as China has vowed to improve protection for online user data, instructing its tech giants to ensure safer storage after public complaints about mismanagement and misuse.

Last year, China passed new laws governing how personal information and data generated within its borders should be handled.

“Organisations and government entities carry a responsibility to consumers and civilians alike to guard their most valuable information at all costs,” Bill Conner, CEO of cybersecurity firm SonicWall and adviser to GCHQ and Interpol, told The Independent.

“Personal information that does not change as easily as a credit card or bank account number drives a high price on the dark web. This kind of personally identifiable information is highly sought after by cybercriminals for monetary gain. Companies should be implementing security best practices such as a layered approach to protection, as well as proactively updating any out of date security devices, as a matter of course.”
