In a major potential breach, a hacker offers to sell a database of Chinese police.

In what may be one of the largest known personal data breaches in China, a hacker is offering for sale a Shanghai police database that could contain information about perhaps a billion Chinese citizens.

While it was not possible to immediately verify the scale of the leak, which the hacker said in a forum post included terabytes of information about a billion Chinese, The New York Times was able to verify parts of a sample of 750,000 hacker records. published to demonstrate the authenticity of the data.

The unidentified person or group is selling the data for 10 Bitcoin, or about $ 200,000.

In recent years, the Chinese government has worked hard to tighten controls on a leaking industry that has fueled Internet fraud. However, the focus of this application has often focused on technology companies. The government itself, which has long struggled to adequately protect the amount of data it collects about citizens, is often exempt from strict rules and sanctions targeting Internet companies.

In the past, when so-called white-hat hackers reported small leaks, which seek out and report vulnerabilities, Chinese regulators warned local authorities to better protect data. Still, securing discipline has been difficult. With police presiding over one of the most invasive surveillance devices in the world, the responsibility for protecting the data collected often lies with local officials who have little experience in data security surveillance. As a result, problems have persisted in which databases are left open to the public or become vulnerable to relatively weak safeguards.

Despite this, the public in China often expresses confidence in the handling of data by the authorities and usually considers private companies to be less reliable. Government leaks are often closely censored. Since the news of the Shanghai police breach emerged and went viral on the Internet, it has been mostly censored. Chinese state media have not written about the news.

Although it was possible to verify samples provided by the hacker, it has not been established whether it contains as much data as claimed.

Still, the samples released appear to be real. One sample contained personal information of 250,000 Chinese citizens, including name, gender, address, government-issued identification number and year of birth. In some cases, one could even find the profession, marital status, ethnicity, level of education and whether the person has been labeled as a “key person” by the country’s public security ministry.

Another set of samples included police case records, which included reports of reported crimes, as well as personal information such as phone numbers and identifications. The cases dated from 1997 to 2019. The other set of samples contained information that appeared to be people’s partial cell phone numbers and addresses.

When a Times reporter called the phone numbers of the people whose information was in the sample data from police records, four people confirmed the details. Four more people who picked up the phone confirmed their names before hanging up. None of the people contacted said they had any prior knowledge about data filtering.

In one case, the data provided the name of a man and said that in 2019, he reported to the police a scam in which he paid about $ 400 for cigarettes that turned out to be flowery. The individual, contacted by telephone, confirmed all the details described in the leaked data.

The Shanghai Public Security Bureau has repeatedly refused to answer questions about the hacker’s claim. Multiple calls to China’s Cybersecurity Administration went unanswered on Tuesday.

On Chinese social media platforms, such as Weibo and the WeChat communication app, posts, articles, and hashtags about data filtering have been removed. On Weibo, the accounts of users who have posted or shared related information have been suspended, and others who have spoken about it have said online that they have been asked to visit the police station to chat.

Leave a Comment

Your email address will not be published. Required fields are marked *