Hacker stole records on 1 billion Chinese from police, selling for Bitcoin

A hacker claims to have stolen a huge trove of data on one billion Chinese citizens from a Shanghai police database, which cybersecurity experts say ranks amongst the biggest data breaches ever recorded if true.

Last week, a user identified only as “ChinaDan” posted the heist details on Breach Forums, a popular cybercrime message board and offered to sell the enormous cache for 10 Bitcoin, or roughly $200,000, reports Reuters.

"In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizen," read the post.

"Databases contain information on 1 Billion Chinese national residents and several billion case records, including: name, address, birthplace, national ID number, mobile number, all crime/case details."

The monstrous data breach alarmed cybersecurity experts not only for its size, but also the sensitivity of information.

ChinaDan posted a sample of the data, who claimed it included 750,000 records with individuals’ personal names, national ID numbers, phone numbers, birthdays and birthplaces, along with detailed summaries of crimes and incidents reported to police, reports The Wall Street Journal.

The police reports range from incidents of petty theft to reports of domestic violence, ranging from 1995 to as recently as 2019.

The Wall Street Journal was able to verify several records from the leak by calling phone numbers. Five confirmed all the data in their file, including case details that would be near impossible for anyone besides police to obtain. Four more confirmed basic information like their names before hanging up.

One man, surnamed Wei, who reported being defrauded of 30,000 yuan by online scammers, reportedly sighed learning his data had been leaked.

“We are all running naked,” Wei said, using Chinese slang for a lack of privacy online.

Some analysts have expressed skepticism at the hacker’s claims. One Australian web-security consultant told The Wall Street Journal that the sheer size of the database, when set against China’s total population of 1.4 billion, drew some suspicion.

The Shanghai police and Chinese internet regulator have not yet responded to requests for comments.

Alibaba, whose cloud computing unit was allegedly breached by ChinaDan, said it is investigating.

China had been plagued by rampant identity theft and data leaks, which Beijing has attempted to stem over the past few years with new legislation and countermeasures.