An anonymous threat actor is selling several databases which they claim contain more than 22 terabytes of stolen information on roughly 1 billion Chinese citizens for 10 bitcoins (approx. $195,000).
The announcement was posted on a hacker forum by a user with the handle ‘ChinaDan,’ who said the information was leaked from the Shanghai National Police (SHGA) database.
The details they shared about the allegedly stolen data suggest that these databases contain Chinese residents’ names, addresses, national ID numbers, several billion criminal records, and contact phone numbers.
ChinaDan shared a sample of 750,000 records containing delivery information, police call records, and ID information. The sample is meant to let interested buyers verify that the data for sale is genuine.
The threat actor stated in a post that: “In 2022, the Shanghai National Police (SHGA) database was leaked. This database contains many TB of data and information on Billions of Chinese citizens.”
“Databases contain information on 1 Billion Chinese national residents and several billion case records, including: Name, Address, Birthplace, National ID Number, Mobile number, All Crime / Case details.”
The threat actor stated that the data was exfiltrated from a local private cloud provided by Aliyun (Alibaba Cloud) that forms part of the Chinese police network (the public security network).
On Sunday, Binance CEO Zhao Changpeng confirmed that his company’s threat intelligence team had spotted ChinaDan’s claims and said that the leak likely originated from an Elasticsearch database that a Chinese government agency accidentally exposed online.
Zhao added, “our threat intelligence detected 1 billion resident records for sale in the dark web, including name, address, national ID, mobile, police and medical records from one Asian country. Likely due to a bug in an Elastic Search deployment by a gov agency.”
“This has impact on hacker detection/prevention measures, mobile numbers used for account takeovers, etc.”
Zhao added that “apparently, this exploit happened because the gov developer wrote a tech blog on CSDN and accidentally included the credentials.”
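The failure mode Zhao describes, credentials pasted into a public technical write-up, is the kind of thing a pre-publish secret scan is meant to catch. The following is an added example, not code from the article or from any of the parties it names: a small scanner that flags credentials embedded in connection URLs, keyed assignments such as `ES_API_KEY=...` or `password=...`, and AWS access key IDs in a draft post. The draft text and every credential in it are constructed for this example and are not real.

```python
import re
from dataclasses import dataclass
from typing import List

# Constructed draft of a tech blog post, written for this example only.
# The credentials below are fake and exist to show what a scan should flag
# before a post is published.
SAMPLE_POST = """\
Connecting to our Elasticsearch cluster from Python:
es = Elasticsearch("https://elastic:Sup3rS3cret!@es-internal.example.com:9200")
Or with an API key:
export ES_API_KEY=VnVhQ2ZHY0JDZGJrUW0tZTVhT3g6dWkybHAyYXhUTm1zeWFrdzl0dk5udw==
aws_access_key_id = AKIAIOSFODNN7EXAMPLE
Query results are paginated; see the docs for search_after.
"""

# Each rule is (name, compiled regex); the named group 'secret' holds the
# sensitive part so it can be redacted in the report.
RULES = [
    # scheme://user:password@host  (credentials in the URL userinfo)
    ("url_with_credentials",
     re.compile(r"\b[a-zA-Z][a-zA-Z0-9+.-]*://[^\s/:@]+:(?P<secret>[^\s@/]+)@")),
    # KEY=value / key: value where KEY names an API key, password, secret or token
    ("keyed_assignment",
     re.compile(r"(?i)\b(?:api[_-]?key|es_api_key|password|passwd|secret|token)"
                r"\s*[:=]\s*[\"']?(?P<secret>[^\s\"']{8,})")),
    # AWS access key ID format: AKIA followed by 16 upper-case alphanumerics
    ("aws_access_key_id",
     re.compile(r"\b(?P<secret>AKIA[0-9A-Z]{16})\b")),
]


@dataclass
class Finding:
    line_no: int
    rule: str
    redacted: str


def redact(secret: str) -> str:
    """Keep enough of the value to locate it in the draft, not enough to reuse it."""
    if len(secret) <= 4:
        return "*" * len(secret)
    return secret[:2] + "*" * (len(secret) - 4) + secret[-2:]


def scan_text(text: str) -> List[Finding]:
    """Return one Finding per matched credential, in document order."""
    findings = []
    for line_no, line in enumerate(text.splitlines(), start=1):
        for name, pattern in RULES:
            for match in pattern.finditer(line):
                findings.append(Finding(line_no, name, redact(match.group("secret"))))
    return findings


def has_secrets(text: str) -> bool:
    return bool(scan_text(text))


if __name__ == "__main__":
    # Exit non-zero so a publishing pipeline can block the post on any finding.
    for finding in scan_text(SAMPLE_POST):
        print(f"line {finding.line_no}: {finding.rule}: {finding.redacted}")
    raise SystemExit(1 if has_secrets(SAMPLE_POST) else 0)
```

Run against the constructed draft, the scanner reports the URL-embedded password on line 2, the API key on line 4 and the AWS key ID on line 5, each redacted, and exits non-zero. The rules are deliberately narrow, so in practice this kind of check sits alongside a dedicated secret scanner and, for cloud deployments, an audit that the datastore itself is not reachable without authentication.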
If ChinaDan’s claims are accurate, this would be the largest data breach ever to hit China and one of the largest in history.