An anonymous individual or organization is selling what they claim to be information on a billion Chinese residents for about $200,000.
According to NY Times, An anonymous hacker is offering to sell a database belonging to the Shanghai police department for 10 BTC, which is roughly $200,00 at today’s price. This database is said to contain information on around one billion Chinese residents, making it one of the greatest known data breaches involving personal information.
Given the magnitude of such data and the effect it might have, a lot of individuals in the crypto field were first skeptical of the hacker’s assertion that it was true. However, the hacker published some of the data in order to demonstrate how extensive the breach was.
Among the personal information released by the hacker were the names, gender, address, and ID number of more than one billion Chinese citizens. In some cases, people’s occupation, marital status, ethnicity, educational attainment, and even whether or not they’ve been designated as a “key person” by the country’s public security ministry could be found.
In addition, Binance’s Changpeng Zhao, also known as “CZ,” turned to Twitter to make the announcement that the company’s threat intelligence team had found resident data available for purchase on the dark web. Although, he did not specify which nation was involved. He concluded that a fault in the software of a government agency that made use of an “Elasticsearch” algorithm was to blame for the data breach.
Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency. This has impact on …
— CZ 🔶 Binance (@cz_binance) July 3, 2022
News of the attack sparked a flurry of conjecture among Chinese security experts about how it may have occurred. Official statements from the Shanghai police have not yet been made. Security experts who have spoken out are alarmed by the scope of the breach and the sensitivity of the exposed data, which includes details of criminal activities. According to CZ “this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials.”
Apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials.
— CZ 🔶 Binance (@cz_binance) July 4, 2022
In the past few years, the government of China has made significant efforts to tighten rules over a lax sector that has contributed to the growth of online fraud. However, the emphasis of this enforcement has often been on corporations in the technology industry.
The government, which has always had difficulty successfully protecting the mountains of data it gathers on its constituents, is often spared from the stringent regulations and penalties that are intended for online companies.