Tuesday, August 9, 2022

No confirmation yet on claim that data on 1 billion Chinese are in stolen police databases

Cybersecurity experts still can’t confirm the claims of a person selling what they say are databases of stolen information of 1 billion Chinese residents from the Shanghai police department.

According to the Associated Press, the claim was recently made in a post on the online hacking forum Breach Forums by someone using the handle “ChinaDan.” The poster is selling nearly 24 terabytes of data for 10 bitcoin, which would be just under US$200,000.

As of Tuesday night, when this story was written, the police force hadn’t confirmed the theft.

UPDATE: Cybersecurity researcher Bob Diachenko told TechCrunch his monitoring shows the database was exposed in April through a Kibana dashboard, a web-based software used to visualize and search huge Elasticsearch databases. If the database didn’t require a password as believed, the news site says, anyone could have accessed the data if they knew its web address.

There’s confirmation that some stolen data is involved, some of which seem to be from police reports of alleged crimes,  but not the size of the breach. The AP said a sample of data it has seen listed names, birthdates, ages, and mobile numbers. One person was listed as having been born in “2020,” with their age listed as “1,”  which, the news agency said, suggests that information on minors was included in the data obtained in the breach.

The seller has posted what they say is a part of the databases for sale, with 750,000 entries, as confirmation of the hack.

The Bleeping Computer news service quotes a Wall Street Journal reporter saying she reached out to dozens of people allegedly named in the databases for sale, five of whom confirmed data offered is about them.

Similarly, Agence France Press (AFP) said a sample of the supposed confirmation data it saw included Chinese citizens’ names, mobile phone numbers, national ID numbers, addresses, birthdays, and police reports they had filed. AFP and cybersecurity experts verified some of the citizen data in the sample is authentic.

While the data allowed to be seen by the seller is likely real, it can’t be confirmed whether it was from Shanghai police or if it had been assembled from earlier breaches. Nor can the alleged one billion victim number be confirmed.

AFP quoted one official from a cybersecurity firm as being skeptical of that number.

The New York Post quotes the Financial Times saying widely used hashtags such as “data leak” and “1 billion citizens’ records leak” are no longer accessible on the Chinese social media site Weibo.

Would you recommend this article?

Share

Thanks for taking the time to let us know what you think of this article!
We'd love to hear your opinion about this or any other story you read in our publication.


Jim Love, Chief Content Officer, IT World Canada

Featured Download

Howard Solomon
Howard Solomon
Currently a freelance writer, I'm the former editor of ITWorldCanada.com and Computing Canada. An IT journalist since 1997, I've written for several of ITWC's sister publications including ITBusiness.ca and Computer Dealer News. Before that I was a staff reporter at the Calgary Herald and the Brampton (Ont.) Daily Times. I can be reached at hsolomon [@] soloreporter.com

Related Tech News

Our experienced team of journalists and bloggers bring you engaging in-depth interviews, videos and content targeted to IT professionals and line-of-business executives.