Hackers claim to have obtained a trove of data on 1 billion Chinese from a Shanghai police database in a leak that, if confirmed, could be one of the largest data breaches in history.
In a post on the online hacking forum Breach Forums last week, someone using the handle “ChinaDan” offered to sell nearly 24 terabytes of data, including what they claimed was information on 1 billion people and “several billion case records” for 10 Bitcoins, worth about $200,000.
The data purportedly includes information from the Shanghai National Police database including names, addresses, national identification numbers and mobile phone numbers, as well as case details.
A sample of data listed names, birthdates, ages and mobile numbers. One person was listed as having been born in “2020,” with their age listed as “1,” suggesting that information on minors was included in the data obtained in the breach.
The data leak initially sparked discussion on Chinese social media platforms such as Weibo, but censors have since moved to block keyword searches for “Shanghai data leak”.
One person said they were sceptical until they managed to verify some of the personal data leaked online by attempting to search for people on Alipay using their personal information.
“Everyone, please be careful in case there are more phone scams in the future!” they said in a Weibo post.
Experts said the breach, if confirmed, would be the biggest in history.
Such data leaks are fairly common, according to Michael Gazeley, managing director at Hong Kong-based security firm Network Box.
“There are approximately 12 billion compromised accounts posted on the Dark Web right now. That’s more than the total number of people in the world,” he said, adding that a majority of data leaks come from the US.
Last year, more than 533 million Facebook users had their data published in a hacking forum after hackers scraped its data due to a vulnerability that has since been patched.