A hacker who claims to have stolen personal data from a billion Chinese citizens is now selling the information online.
Key points:
- Experts said the breach, if confirmed, would be one of the largest in history
- It would also be a major violation of China’s data protection laws
- Some of the leaked data consists of incident reports ranging from traffic accidents and thefts to rapes and domestic violence
A sample of 750,000 entries posted online by the hacker, using the handle “ChinaDan”, showed the names of citizens, mobile phone numbers, national identification numbers, addresses, birthdays and police reports they had submitted.
AFP and cybersecurity experts have verified that some of the data from the citizens in the sample are authentic, but the scope of the entire database is difficult to determine.
Announced on a forum late last month, but only picked up by cybersecurity experts this week, the 23-terabyte database, which the hacker claims contains the records of one billion Chinese citizens, is being sold for 10 bitcoins (more than $294,000).
“It seems to come from multiple sources. Some are facial recognition systems, others look like census data,” said Robert Potter, co-founder of cybersecurity company Internet 2.0.
“There is no verification of the total number of registrations and I am skeptical of the number of one billion citizens,” he added.
China maintains a comprehensive national surveillance infrastructure that absorbs large amounts of data from its citizens, apparently for security purposes.
Growing public awareness of data privacy has led to more robust data protection laws targeting private individuals and businesses in recent years, although there is little that citizens can do to prevent the state from collecting their data.
Some of the leaked data appeared to come from express delivery user records, while other entries contained summaries of incidents reported to police in Shanghai for more than a decade, with the most recent being from 2019.
Incident reports range from traffic accidents and burglaries to rapes and domestic violence.
‘They’ll roll heads’
At least four of the more than a dozen people contacted by AFP confirmed their personal details, such as names and addresses, as included in the database.
“That’s why so many people have been adding my WeChat over the last few days. Should I report it to the police?” said a woman named Hao.
“I am very confused about why my personal data has been leaked,” said another woman named Liu.
In response to the original post, users speculated that the data may have been hacked from an Alibaba Cloud server where it was apparently stored by Shanghai police.
Potter, the cybersecurity analyst, confirmed that the files were hacked from Alibaba Cloud, which did not respond to a request for comment from AFP.
If confirmed, the breach would be one of the largest in history and a major violation of recently passed Chinese data protection laws.
“Heads will pass over this one,” tweeted Kendra Schaefer, technology partner at research consultancy Trivium China.
China’s cybersecurity administration did not respond to a fax asking for comments.
AFP