Security
Headlines
HeadlinesLatestCVEs

Headline

Hacker Selling Shanghai Police Database with Billions of Chinese Citizens Data

By Waqas As seen by Hackread.com, the database is currently being sold for 10 Bitcoin (around $200,000) at the time… This is a post from HackRead.com Read the original post: Hacker Selling Shanghai Police Database with Billions of Chinese Citizens Data

HackRead
#web#intel#alibaba#huawei#auth

****As seen by Hackread.com, the database is currently being sold for 10 Bitcoin (around $200,000) at the time of publishing this article.****

Unidentified hackers claim to have stolen data of more than one billion Chinese citizens, which experts believe could be the largest ever cybersecurity breach in China’s history.

As seen by Hackread.com, the database is currently being sold on a hacker forum which surfaced as an alternative to popular and now-sized Raidforums.

According to the seller, the data was stolen from a database owned by the Shanghai National Police (SHGA) and includes the following information:

  • Name
  • Address
  • Birthplace
  • Mobile number
  • National ID Number
  • All Crime and Case details

Shanghai Police officials are yet to respond to the news. The Cyberspace Administration of China also didn’t release any statement confirming or denying the attack. However, it must be noted that the seller has confirmed that SHGA did not suffer a security breach and that the database was leaked due to misconfiguration.

The hacker forum where the data is being sold (Image credit: Hackread.com)

Stolen Data Up for Sale for 10 Bitcoin

It is worth noting that the hackers who have stolen up to 23 terabytes of data from the Shanghai police database are now selling it for 10 bitcoins, equivalent to $200,000. The Chinese cybersecurity fraternity is currently under great shock as they try to determine the authenticity of these claims.

Binance Confirms the Breach

On Monday, the founder and CEO of Binance cryptocurrency exchange, Zhao Changpeng, tweeted about the incident. However, Changpeng didn’t name the targeted country and only mentioned that “one Asian country” was the victim of this breach.

Binance’s CEO also wrote that these records are up for sale on the Dark Web. Changpeng believes that a flaw in the ElasticSearch database is responsible for the data breach and sensitive data, including national identity, and medical and police records, is also up for sale on the illegal marketplace.

“It is important for all platforms to enhance their security measures in this area. @Binance has already stepped up verifications for users potentially affected,” Changpeng wrote in another tweet.

Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency. This has impact on …

— CZ 🔶 Binance (@cz_binance) July 3, 2022

Cybersecurity experts believe a third-party cloud infrastructure could have caused the breach. For your information, Alibaba, Huawei, and Tencent are prominent external cloud services providers in China.

Not The First Time

The incident should not come as a surprise since China and the United States are “leaders” when it comes to exposing databases online. In fact, a recent report revealed that both countries exposed most databases among 308,000 discovered in 2021.

In March 2019, a database labeled “BreedReady” was found exposing the personal data of 1.8 million Chinese women.

In February 2019, a Chinese facial recognition database was exposed online which leaked tracking and personal details of millions of Chinese Muslims especially Uyghur Muslims. Furthermore, in January 2020, in an unusual incident, the personal data of 56 million Americans were exposed from PC in China.

I am a UK-based cybersecurity journalist with a passion for covering the latest happenings in cyber security and tech world. I am also into gaming, reading and investigative journalism

HackRead: Latest News

Hackers Release Second Batch of Stolen Cisco Data