An unidentified threat actor is offering databases with what they claim to be more than 22 gigabytes of stolen data on around 1 billion Chinese residents for 10 bitcoins (about $195,000). The disclosure was made on a hacker forum by a user going by the pseudonym “ChinaDan,” who claimed that the data was stolen from the database of the Shanghai National Police (SHGA).
According to the details they provided, the allegedly stolen databases include names, residences, national ID numbers, phone numbers, and several billion criminal records of Chinese people. ChinaDan also posted a sample of 750,000 records containing delivery information, IDs, and police call logs, so that potential buyers could verify that the data on offer is authentic.
“In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens,” said the threat actor. “Databases contain information on 1 Billion Chinese national residents and several billion case records, including: Name, Address, Birthplace, National ID Number, Mobile number, All Crime / Case details.”
The threat actor confirmed that the data was exfiltrated from a local private cloud provided by Aliyun (Alibaba Cloud) that forms part of the Chinese police network (also known as the public security network). According to Binance CEO Zhao Changpeng, speaking on Sunday, the breach was most likely caused by an Elasticsearch database that a Chinese government agency unintentionally exposed online. Zhao confirmed that his company’s threat intelligence analysts had picked up on ChinaDan’s claims.
Zhao further said that their threat intelligence team had found 1 billion resident records, including name, address, national identification number, mobile phone number, police records, and medical records, from one Asian country for sale on the dark web, most likely because of a flaw in an Elasticsearch deployment at a government organization. He noted that the exposure affects tools for detecting and preventing hackers, mobile numbers that can be used in account takeovers, and more.
</gml_replace>
<gr_replace lines="6" cat="clarify" orig="Zhao further clarified">
Zhao further clarified that the hack appears to have happened because a government developer unintentionally posted the database credentials in a tech blog on CSDN. If ChinaDan’s allegations are confirmed, this would be the largest data breach in history and the one with the greatest impact on China.
Zhao further clarified that it appears that this hack took place as a result of the government developer unintentionally posting the credentials in a tech blog on CSDN. If ChinaDan’s allegations are confirmed to be true, this would be the biggest data breach in history and the one with the most impact on China.
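The two root causes described above, an Elasticsearch deployment reachable from the network without authentication and a connection string with credentials pasted into a blog post, are both things a defender can check for before data leaves the building. The following is an added example written for this page, not code from Binance, Alibaba Cloud or any agency named in the article. It uses the real Elasticsearch settings `network.host`, `xpack.security.enabled` and `xpack.security.http.ssl.enabled`; the configuration excerpts and the blog snippet it examines are constructed, and the host address and password in them are placeholders.

```python
import re
from typing import Dict, List

# Constructed sample of an elasticsearch.yml with the weak settings this
# article's root cause implies: bound to every interface, security disabled.
WEAK_CONFIG = """\
cluster.name: police-records
network.host: 0.0.0.0
http.port: 9200
xpack.security.enabled: false
"""

# Hardened counterpart: security on, TLS on the HTTP layer, bound to loopback.
HARDENED_CONFIG = """\
cluster.name: police-records
network.host: 127.0.0.1
http.port: 9200
xpack.security.enabled: true
xpack.security.http.ssl.enabled: true
"""

# Constructed excerpt imitating a blog post in which a developer pasted a
# connection string with embedded credentials (hypothetical host and password).
BLOG_POST = """\
Quick Elasticsearch bulk-import tip:
curl -u elastic:Passw0rd! http://10.0.0.5:9200/_cat/indices
or simply http://elastic:Passw0rd!@10.0.0.5:9200/_cluster/health
"""


def parse_settings(text: str) -> Dict[str, str]:
    """Minimal parser for flat 'key: value' lines of elasticsearch.yml."""
    settings: Dict[str, str] = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("#") or ":" not in line:
            continue
        key, _, value = line.partition(":")
        settings[key.strip()] = value.strip().strip('"').strip("'")
    return settings


# Bind addresses that expose the HTTP API beyond the local machine.
PUBLIC_BINDINGS = {"0.0.0.0", "::", "_site_", "_global_"}


def audit_elasticsearch(text: str) -> List[str]:
    """Return findings for settings that leave a cluster open to the network."""
    s = parse_settings(text)
    findings: List[str] = []
    host = s.get("network.host", "127.0.0.1")  # Elasticsearch binds loopback by default
    security_on = s.get("xpack.security.enabled", "").lower() == "true"
    ssl_on = s.get("xpack.security.http.ssl.enabled", "false").lower() == "true"
    exposed = host in PUBLIC_BINDINGS or not (host.startswith("127.") or host == "localhost")
    if not security_on:
        findings.append("xpack.security.enabled is not true: no authentication on the HTTP API")
    if exposed:
        findings.append(f"network.host={host}: cluster reachable beyond loopback")
    if exposed and not security_on:
        findings.append("CRITICAL: unauthenticated cluster bound to a non-loopback address")
    if exposed and not ssl_on:
        findings.append("xpack.security.http.ssl.enabled is not true: credentials and data travel in clear text")
    return findings


# Credentials embedded in URLs (user:pass@host) or passed to curl via -u.
CRED_PATTERNS = [
    re.compile(r"https?://([^\s:@/]+):([^\s@/]+)@[^\s/]+"),
    re.compile(r"-u\s+([^\s:]+):(\S+)"),
]


def find_embedded_credentials(text: str) -> List[str]:
    """Return the usernames whose passwords appear in the text, one per occurrence,
    so a reviewer can redact them before the post is published."""
    hits: List[str] = []
    for line in text.splitlines():
        for pat in CRED_PATTERNS:
            for m in pat.finditer(line):
                hits.append(m.group(1))
    return hits


if __name__ == "__main__":
    for name, cfg in (("weak", WEAK_CONFIG), ("hardened", HARDENED_CONFIG)):
        print(name, audit_elasticsearch(cfg) or ["no findings"])
    print("credentials found for users:", find_embedded_credentials(BLOG_POST))
```

The config audit reports four findings for the weak file and none for the hardened one; the credential scan flags both lines of the blog snippet. In practice the audit would run against the real `elasticsearch.yml` in CI or a configuration-management check, and the credential scan belongs in a pre-publish or pre-commit hook rather than being run after the fact.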