An anonymous hacker has offered to sell the stolen personal data of over 1 billion Chinese citizens for 10 Bitcoin (BTC), roughly $200,000.
The data includes the names, birthplaces, addresses, phone numbers, national ID, criminal information, and other information of private citizens in the country.
The hacker reportedly gained access to the Chinese Shanghai police database stealing over 26 terabytes of personal data.
Gigantic civilian data leak if confirmed: A hacker is selling an alleged Shanghai police data leak containing 1 billion Chinese nationals’ names, home addresses, ID #, phone #, criminal records, etc. Hacker says it’s from an Aliyun (Alibaba) private cloud server. pic.twitter.com/IRPG35SWYI
— Zeyi Yang (@ZeyiYang) July 3, 2022
Many initially questioned the credibility of the hacker’s claim given the size and impact of such data. But the hacker revealed some parts of the data to show the extent of the damage.
Binance CEO Changpeng Zhao acknowledged the claim. Earlier today, he tweeted that his company’s threat intelligence detected someone offering to sell the data of a billion residents from an Asian country.
Our threat intelligence detected 1 billion resident records for sell in the dark web, including name, address, national id, mobile, police and medical records from one asian country. Likely due to a bug in an Elastic Search deployment by a gov agency. This has impact on …
— CZ 🔶 Binance (@cz_binance) July 3, 2022
According to CZ, the breach was likely “due to a bug in an ElasticSearch deployment by a gov agency.” However, he has confirmed that the exploit was because “the gov developer wrote a tech blog on CSDN and accidentally included the credentials.”
Apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials.
1 billion records of private citizens’ data. 😭 https://t.co/vPISm534Tn pic.twitter.com/FpMCGrpx08
— CZ 🔶 Binance (@cz_binance) July 4, 2022
Zhao said that Binance has improved its security measures to verify affected users. He also called on other platforms to do the same.
Authorities in China are yet to confirm or deny the breach.
