A cybercriminal claims to have obtained data from one billion Chinese citizens and asks for only ten bitcoins in exchange.
An unknown hacker or group of cyber criminals expressed that they acquired the personal data of one billion Chinese citizens and are now offering it on the web for bitcoins.
According to the coverage of many media outlets, including Bloomberg, hackers would have entered the database the Shanghai National Police (SHGA) database in what got described as the most prominent security breach in history.
It Would be a Historic Data Leak for China
The CEO of cryptocurrency exchange Binance, Changpeng Zhao, was one of the first to open up and speak about the Chinese leak threat. In a tweet, Zhao expressed that his company’s threat intelligence systems discovered that one billion records from citizens of an unspecified country got to put up for sale on the dark web.
While he did not mention the offering in question, he said the breach may have happened due to a failure in ElasticSearch, a popular data search and analysis tool employed by businesses. He also expressed that Binance was increasing verification measures for users potentially harmed by the attack.
Although the Chinese authorities have not confirmed the veracity of the leaks or provided enough data about them, users in that nation expressed great interest.
According to a Reuters report, users of Weibo and WeChat social platforms in China were discussing the leak over the weekend, feeling worried about the suspected attack. Although Weibo later tried to stop the topic from becoming a trend when it blocked the hashtag #dataleak (data leak).
That report also pointed at Kendra Schaefer, director of technology policy research at Beijing-based consultancy Trivium China, who highlighted in a post on Twitter that it was hard to study this kind of rumor. If the purported leaked material came from China’s Ministry of Public Security, it would be bad for tons of reasons, Schaefer added, calling it one of the biggest and worst violations in history.
For his part, Kenny Li, co-founder of the web3 privacy project called Manta Network, revealed to The Block that the breach could have consequences for the digital asset space, as the stolen data could serve for spear phishing attacks. The main goal would be extracting access keys to crypto wallets, applications, or exchanges.
Data Privacy in China
The procedure the hackers used in the leak to gain access to the Shanghai police servers remains unclear. According to Bloomberg, a popular theory on the Internet mentions that the breach involved an external cloud infrastructure partner. According to that medium, Alibaba Group Holding, Tencent, and Huawei Technologies are among the most prominent cloud services in the nation.
The news comes as China pledged to work on several improvements regarding the privacy and protection of user data online, instructing its tech giants to secure storage after public complaints about mismanagement and misuse.
By: Jenson Nuñez
