
Hacker Offers to Sell 23 Terabytes of Stolen Data Belonging to Chinese Citizens for 10 Bitcoin


btcmanager.com 04 July 2022 18:00, UTC

A hacker going by the pseudonym ChinaDan has claimed that he is selling about 23 terabytes of stolen personal information belonging to more than one billion Chinese citizens.

Stolen Data Is Available For Sale

In a thread on an illicit hacking community portal called Breach Forums, ChinaDan claimed to have hacked the Shanghai National Police database sometime in 2022 and made off with the information.

According to the hacker, the data consisted of names, addresses, places of birth, national ID numbers, mobile phone numbers, and even criminal case details of at least a billion Chinese residents.

The person has since offered to sell the information for 10 Bitcoin (BTC), which is about $200K at current market rates.

Hacker Might Have Exploited Bug in Search Engine

The sheer scale of the purported breach has led to much speculation about how it could have taken place and whether the claim was credible in the first place.

In an apparent reference to the incident, Binance CEO Zhao Changpeng wrote in a tweet late on Sunday that his organization’s threat intelligence system had detected that a billion resident records “from one Asian country” had been put up for sale on the dark web.

While Zhao did not specify which country he was talking about, he posited that the breach most likely emanated from a bug in an ElasticSearch deployment by an unspecified government agency.

ElasticSearch is a popular search and analytics engine that stores, searches, and quickly analyzes large volumes of data and gives near-instantaneous results. The search engine is commonly used for security intelligence, operational intelligence, business analytics, and full-text searches.

Stolen Information Could Be Used In Crypto Attacks

And speaking to an online crypto publication, Kenny Li, cofounder of Manta Networks, a Web3 privacy project, indicated that the breach could have implications for the crypto industry.

He stated that the stolen information could be used for phishing attacks to steal people’s private keys or gain access to crypto exchanges and other decentralized apps.

The Breach is the Latest in a String of Personal Data Hacks in China

The alleged Shanghai National Police database breach is not the first time sensitive information about Chinese residents has been illegally obtained.

In 2016, dozens of senior Communist Party apparatchiks and business leaders like Jack Ma had their personal data exposed on Twitter.

A few years later, in 2020, a group of hackers allegedly stole the account details of more than half a billion Weibo users. And earlier this year, a human rights group offered proof of the ongoing abuse of ethnic Uyghurs through tens of thousands of hacked files from the autonomous Xinjiang region.

Traditionally, security breaches in China are rarely disclosed, primarily because of a lack of transparent reporting mechanisms and the government’s preference to keep a tight lid on any matter touching on the country’s security.

At the time of writing, neither Shanghai authorities nor the Cyberspace Administration of China had responded to the alleged hack.
