A mysterious hacker claims to have carried out one of the biggest data thefts in history

Personal information of around one billion Chinese citizens has reportedly been stolen in what could be one of the biggest computer heists in history.

An unknown threat actor has taken to underground forums to announce a 23TB batch of sensitive data, allegedly stolen from a database belonging to a Shanghai police department.

The data would contain names, addresses, places of birth, national identification numbers, telephone numbers and information on criminal cases in which the individuals are involved. the wall street journal (opens in a new tab) claims to have verified at least a small portion of the data.

The mysterious attacker is asking for 10 bitcoins in exchange for the data, which translates to around $200,000 at the current market rate.

A bug or a mishap?

According to a Bloomberg (opens in a new tab) report, there has been no word from the Shanghai police, and the Cyberspace Administration of China is still silent on the matter as well.

But late last night, Changpeng Zhao, founder and CEO of cryptocurrency exchange Binance, tweeted that the company’s threat intelligence unit had detected one billion resident records offered for sale on the dark. web, “likely due to a bug in a government agency’s deployment of Elastic Search”.

“It impacts hacker detection/prevention measures, mobile numbers used for account takeovers, etc.,” he added. “It is important that all platforms strengthen their security measures in this area. Binance has already stepped up verifications for potentially affected users.

He later added that the attack was “apparently” made possible because a government developer wrote a tech blog that “accidentally included the credentials.”

Bloomberg reports that some cybersecurity experts, on the other hand, believe “the breach involved a third-party cloud infrastructure partner”, citing Alibaba, Tencent and Huawei among the largest vendors serving the region.

Inevitably, an incident like this invites comparisons to previous high-profile cybersecurity breaches that affected China.

In 2016, for example, personal information about dozens of Communist Party officials and industry figures – from Jack Ma to Wang Jianlin – was reportedly exposed on Twitter. While in 2020, a group of criminals stole sensitive data from more than 500 million users of the national Weibo microblogging platform.

Comments are closed.