As seen by Hackread.com, the database is currently being sold for 10 Bitcoin (around $200,000) at the time of publishing this article.
Unidentified hackers claim to have stolen data of more than one billion Chinese citizens, which experts believe could be the largest ever cybersecurity breach in China’s history.
As seen by Hackread.com, the database is currently being sold on a hacker forum which surfaced as an alternative to popular and now-sized Raidforums.
According to the seller, the data was stolen from a database owned by the Shanghai National Police (SHGA) and includes the following information:
- Name
- Address
- Birthplace
- Mobile number
- National ID Number
- All Crime and Case details
Shanghai Police officials are yet to respond to the news. The Cyberspace Administration of China also didn’t release any statement confirming or denying the attack. However, it must be noted that the seller has confirmed that SHGA did not suffer a security breach and that the database was leaked due to misconfiguration.
Stolen Data Up for Sale for 10 Bitcoin
It is worth noting that the hackers who have stolen up to 23 terabytes of data from the Shanghai police database are now selling it for 10 bitcoins, equivalent to $200,000. The Chinese cybersecurity fraternity is currently under great shock as they try to determine the authenticity of these claims.
Binance Confirms the Breach
On Monday, the founder and CEO of Binance cryptocurrency exchange, Zhao Changpeng, tweeted about the incident. However, Changpeng didn’t name the targeted country and only mentioned that “one Asian country” was the victim of this breach.
Binance’s CEO also wrote that these records are up for sale on the Dark Web. Changpeng believes that a flaw in the ElasticSearch database is responsible for the data breach and sensitive data, including national identity, and medical and police records, is also up for sale on the illegal marketplace.
“It is important for all platforms to enhance their security measures in this area. @Binance has already stepped up verifications for users potentially affected,” Changpeng wrote in another tweet.
Cybersecurity experts believe a third-party cloud infrastructure could have caused the breach. For your information, Alibaba, Huawei, and Tencent are prominent external cloud services providers in China.
Not The First Time
The incident should not come as a surprise since China and the United States are “leaders” when it comes to exposing databases online. In fact, a recent report revealed that both countries exposed most databases among 308,000 discovered in 2021.
In March 2019, a database labeled “BreedReady” was found exposing the personal data of 1.8 million Chinese women.
In February 2019, a Chinese facial recognition database was exposed online which leaked tracking and personal details of millions of Chinese Muslims especially Uyghur Muslims. Furthermore, in January 2020, in an unusual incident, the personal data of 56 million Americans were exposed from PC in China.