A hacker “ChinaDan” has claimed to have stolen records of one billion Chinese citizens from the Shanghai police, which would be one of the biggest data breaches in history if proven.
“ChinaDan” is selling records of Chinese citizens
The hacker named “ChinaDan” is offering to sell more than 23 terabytes (TB) of data in exchange for 10 bitcoins, which is equivalent to about $200,000. ‘ChinaDan’ posted on a hacker forum, Breach Forums; “In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens,” the post further reads; “Databases contain information on 1 Billion Chinese national residents and several billion case records, including name, address, birthplace, national ID number, mobile number, all crime/case details.”
The hacker has released a sample of 750,000 entries which confirmed his claims. The AFP and cybersecurity experts have also verified some of the citizen data in the sample as authentic. Robert Potter, the co-founder of a cybersecurity firm, said; “It looks like it’s from multiple sources. Some are facial recognition systems, others appear to be census data. There is no verification of the total number of records and I’m skeptical of the one billion citizens number.” The data leak has been widely discussed on China’s Weibo and WeChat social media platforms over the weekend with many users worried it could be real. However, the hashtag “data leak” was blocked by Weibo.
China’s new data protection law
Recently, China passed a new law called the Personal Information Protection Law (PIPL). The new legislation requires data processors to obtain consent from individuals in order to be able to process sensitive types of data, such as biometrics, medical and health data, financial information, and location data. It also requires app makers to offer users options over how their information is or isn’t used.